Successfully reported this slideshow.
Your SlideShare is downloading. ×

Carrie Peter

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Carrie Peter
Carrie Peter
Loading in …3
×

Check these out next

1 of 32 Ad

Carrie Peter

Download to read offline

Digital Retail Africa 2023 hosted by IT News Africa - Carrie Peter speaks on Balancing User Experience and Security Compliance at Scale at the Digital Retail Africa 2023 conference. #retailtech #ecommerce #customerexperience #onlineshopping #securitycompliance

Digital Retail Africa 2023 hosted by IT News Africa - Carrie Peter speaks on Balancing User Experience and Security Compliance at Scale at the Digital Retail Africa 2023 conference. #retailtech #ecommerce #customerexperience #onlineshopping #securitycompliance

Advertisement
Advertisement

More Related Content

Similar to Carrie Peter (20)

Advertisement

Recently uploaded (20)

Carrie Peter

  1. 1. eSignatures: Balancing User Experience and Security Compliance at Scale Impression Signatures
  2. 2. The cost of getting it wrong Cyber incidents, data breaches and business interruption • The average cyber incident costs an organisation $ 400 000.00 • ENS Africa Hit with Costs (R5.5 mil) for Online Security Hack • Recent GDPR data breach fines and pay-outs: • T-Mobile $350 Million pay-out - Personal data breach • Equifax $700 Million pay-out - Personal data breach • Interserve € 5 Million fine - Insufficient technical and organisational measures to ensure information security • Clearview AI - € 20 Million fine per country - Insufficient fulfilment of data subjects rights • Meta Platforms - € 405 Million fine - Non-compliance with general data processing principles • https://www.enforcementtracker.com/ • Some companies have taken years to recover from data breaches • Recovering from the reputational damage of a public incident
  3. 3. Paper Based Process
  4. 4. Your Opportunities Getting it right from the start to prevent opportunities for fraud, abuse and data security violations
  5. 5. Digitizing from the first interaction eSignatures allow processes that are usually paper based to be digitized from the start
  6. 6. Customers don’t have to feel the complexity of your need for identity certainty Welcome, to sign this securely we need to verify you! Here’s your agreement, please keep this safe! We need to make sure it’s really you! The information in this agreement is private! Do we have your consent? 1 5 4 3 2 Customers are more likely to grant consent for intrusive biometric verification as part of the onboarding process Digital Identity in 5 steps
  7. 7. Maximizing the value of a single interaction eSignatures allow single touch interactions to enable multiple digital processes
  8. 8. Prevent fraud before it starts Learn from our Insurance customers experience Certainty of identity & non-repudiable contracting Propensity for fraud, credit checks, sim swap & bank account verification Automation, auditability, AI driven processing & voice lie detection Manual validation, fraud investigation & evidence for prosecution
  9. 9. Integrations and platforms Embedded and connected with subject matter experts Microsoft Ecosystem • Word • Excel • Outlook • SharePoint • One Drive • Adobe Process Management • Sybrin Onboarding • AppWorks • Oracle • Salesforce • SAP • XDS • Striata Document Management • Sybrin Nitro • OpenText • OnBase • DocFusion
  10. 10. Your Obligations What healthcare service providers need to do to be compliant
  11. 11. Credit Relevant Legislation Cases Credit compliance spans several pieces of RSA legislation The National Credit Act describes which particulars need to be included on every credit agreement. Section 2. (3) If a provision of this Act requires a document to be signed or initialled by a party (a) (a) an advanced electronic signature, as defined in the Electronic Communications Act, 2002 (Act No. 25 of 2002); or (b) (b) an electronic signature as defined in the Electronic Communications Act, 2002 (Act No. 25 of 2002), provided that- (a) (i) the electronic signature is applied by each party in the physical presence of the other party or an agent of the party; and (b) (ii) the credit provider must take reasonable measures to prevent the use of the consumer’s electronic signature for any purpose other than the signing or initialling of the particular document that the consumer intended to sign or initial. Advanced Electronic Signatures are defined in the Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002) as: • An electronic signature which results from a process which has been accredited by the Accreditation Authority. Section 37 and 38 of the Act stipulate the criteria for accreditation: (Section 38.1) - The electronic signature: • is uniquely linked to the signer; • is capable of identifying the signer; • is created under a means that can be maintained under the sole control of the signer; • will be linked to the data or data message to which it relates in such a manner that any subsequent change of data or data message is detectable; *Advanced Electronic Signature is the South African equivalent to QES
  12. 12. Consent & Agreement The intersection of privacy and proof of intent • Always keep a record of any consent, agreement or notification • Don’t use consent where you should use a contract • Don’t notify where you should get consent, always notify of data processing activities • Provide a closed loop process where agreements cannot be altered • Track signatory’s interactions with the agreement to prove intent
  13. 13. Contracting parties & Identity Compliance and trust require that all parties are identified • Ensure that both or all parties to a contract are identifiable, during and after the signing ceremony for the contract to be valid • Ensure that you know your customer or intended signatory • Ensure that the agreement is only available to the intended signatory • Layer controls to ensure that only the signatory can access and apply their signature
  14. 14. Restrict alteration after signing Technical controls must be in place to ensure integrity • Ensure that documents are stored in an immutable format, like PDF • Digitally sign completed documents to prevent tampering • Highlight any attempts at alteration or tampering after signing • Provide technical proof of a document original with singing evidence • Signatory identifying information • Annotations made during signing • Signing workflow or approvals
  15. 15. Provide proof of compliance Proof of compliance is required from the sending party • Understand consent and agreement requirements within existing processes and solutions • Create secure consent, agreement and approval processes that do not allow for unintended intervention or alteration • Provide technical proof of the signing process, workflow and signatory interactions • Make technical audit trails easily understood through a Chain of Custody Certificate
  16. 16. Securely store records for legislated periods Medical information is deeply sensitive and must be secured • Understand what data must be kept for what period of time • Ensure that communications around this data are sensitive and do not reveal anything that can be used to identify the patient, or prejudice them in any way • Do not store data beyond its useful life or required period • Destroy data that is no longer required • Secure networks, systems and storage appropriately to prevent cyber incidents
  17. 17. Presenting a New Standard | Cloud Signature Consortium (CSC) Membership ► How can digital trust services lead the way for digital transformation in your region? And, how can CSC play a role? We hold a valued membership at the Cloud signature consortium where we have seats on the Technical, Advocacy and Marketing Committees. Membership has afforded us the opportunity to participate in the development of a new standard to check conformance with the CSC Conformance Checker, API v2.0. Officially being released to the public XXXXX [Confirm Date] Details can be found here: https://cloudsignatureconsortium.org/join-us/associate-membership/
  18. 18. WebTrust Assurance The WebTrust Audit program is based on the following Trust Services Principles and Criteria Security The system is protected against unauthorized access (both physical and logical). Availability The system is available for operation and use as committed or agreed. Processing Integrity System processing is complete, accurate, timely, and authorized. Online Privacy Personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed. Confidentiality Information designated as confidential is protected as committed or agreed. https://cabforum.org/wp-content/uploads/WTBR2_2.pdf
  19. 19. WebTrust Assurance Standards and security control framework 3rd Party Annual Audit • KPMG independent audit against global framework • Auditors are granted the right to conduct the audit • Evaluate controls for effectiveness, and then evaluate actual adherence to controls Controls evaluated • Physical & Logical security • Availability & Business continuity • Incident management • System development & practices • Risk management practices • Asset classification & management • Access management & Personnel security Standards • ISO - International Organization for Standardization • ETSI - European Telecommunications Standards Institute • ANSI - American National Standards Institute • CAB Forum – Certificate Authority/Browser Forum
  20. 20. Examples Industry insights, use cases and return on investment
  21. 21. Agreements are Everywhere Sales ▪ Sales Order Processing ▪ Customer Account Provisioning ▪ Special Deal Terms ▪ Referral Agreements ▪ Partner Agreements ▪ Reseller Agreements ▪ Sales Support ▪ Loan Documents ▪ Support Agreements & Renewals ▪ Commission Forms ▪ Upgrade Application ▪ Downgrade Agreement Marketing ▪ Event Registration ▪ Customer Communication Approvals ▪ Mass Mailing/Email Approval ▪ Event Vendor Agreements ▪ Rebate Agreements ▪ Sponsorship Agreements ▪ Promotion Agreements ▪ Advertising Contracts ▪ Press Release Approvals ▪ Brand Licensing Agreements ▪ Media Plan Sign-off Services ▪ Account Change ▪ Service/Work Orders ▪ Terms Change ▪ Self-Service Requests ▪ Compliance ▪ Field Service ▪ New Policy Applications ▪ Policy Cancellations / Suspensions ▪ Independents Agency Licensing ▪ EFT Authorization Human Resources ▪ Offer Letters ▪ New hire paperwork ▪ Candidate NDA ▪ On/Off-boarding checklist ▪ Employee Policy Distribution & Signature ▪ Contract Agreements ▪ Non-disclosure ▪ PTO Management ▪ Performance Appraisal ▪ Background Checks ▪ Leave Forms ▪ Grievance Forms ▪ Letter of warning Form Finance ▪ Invoice Processing ▪ Expense Processing ▪ Capitalisation Management ▪ Audit Sign-off ▪ Policy Management ▪ Inventory sign-off ▪ Asset Transfer/Retirement ▪ Grant Applications ▪ Sales & Use Tax return ▪ Consumer Account opening ▪ Deposit products IT/Operations ▪ Asset tracking ▪ Change requests ▪ Requirements Sign-off ▪ Access Management ▪ Incident Reporting ▪ Production Change Authorisation ▪ Maintenance Authorisation ▪ Authorisation ▪ Real Estate Approval ▪ Project Budget Approvals ▪ Asset Purchase Form ▪ Software Purchase Form Legal ▪ NDA’s ▪ Contract Management ▪ Internal Compliance ▪ IP Licensing ▪ Patent Applications ▪ Board minutes ▪ Affidavits ▪ Summons ▪ Engagement Letters ▪ Memoranda of Understanding ▪ Change of Ownership ▪ Share Purchase Facilities ▪ Front Desk Sign-in ▪ Work Orders ▪ Lease Agreements ▪ Move In/Out Requests ▪ Parking Permits ▪ Building Maintenance ▪ Construction CAD Drawings ▪ Equipment Load Agreements ▪ Change Justification Forms ▪ Building Permits ▪ Change Orders Product Management ▪ Change Management ▪ Release Management ▪ Code Review Reporting ▪ Requirements Acceptance ▪ Release Scope Commitment ▪ Policy Approval ▪ SDK Agreements ▪ Developer Program Enrolment ▪ Product Development Methods ▪ New Product Evaluation ▪ New Offering Announcement Procurement ▪ Purchase Order ▪ Statement of Work ▪ Master Services Agreement ▪ RFP Sign-Off ▪ Supplier Compliance ▪ Service Level Agreements ▪ Termination Letters ▪ Software Licence Agreements ▪ Rate Cards ▪ Invoice Processing ▪ Subcontractor Agreements ▪ Vendor Contracts
  22. 22. Logistic Workflow Example - Paper
  23. 23. Logistic Workflow Example - Digital
  24. 24. Gym Onboard Workflow Example
  25. 25. Customer opts to take up Insurance
  26. 26. Our Platform Accredited, Secure, Embedded & Everywhere you work
  27. 27. Return on digitisation A few of the things we’ve seen our customers achieve • Improved process & regulatory compliance • Entire company secretarial functions digitised • Governance, Risk & Compliance function digitised • Time savings through efficiencies • Requirement for printing eliminated • Signed documents returned within hours or days • Operational processes reduced from weeks to hours • Reduced costs • Paper & printing – R3mil a month in a single division of Absa • Cost savings passed to customers • Administration staff redeployed into skilled roles • Rapid implementation • 2 – 3 weeks integrated deployment at many large customers • Instant adoption on internal use • Phased embedding into own infrastructure & environment
  28. 28. Signing with Impression
  29. 29. High level embedded architecture Your People & Customers Document Generation Document Workflow & Approvals eSignature and Consent Agree Module Secure Integration Gateway Smart Document Completion EHR Systems Record Management Systems Service Bus Workflow Systems Your Internal Systems Employee Management Systems eSignature Platform Trust Onboarding Digital Identity Advanced Managed PKI Engage Email WhatsApp USSD In App Web Pad/Tablets Manage Analytics Process Analysis Audit Servicing 3rd Party APIs Additional Modules Your Infrastructure
  30. 30. Layering security for certainty
  31. 31. Bonus Quiz How many biometrics can you list? Write it on your business card and drop it at the stand or scan the code: Free 3 year Impression licence at end of survey
  32. 32. Thank You

×