The world around us is changing rapidly as it's hard to stay on top of it all and be successful at the same time by respecting compliance rules, like we are all facing. This webinar is a ramp up and awareness session to Corporate Compliance Strategy

1. 7 Steps to Build an Effective Corporate Compliance Strategy

2. Introductionsmaarten.boonen@ctp.com or LinkedIn
Cambridge Technology Partners Me
Emmy, Elodie
and Sinto

3. Introductionsroberto.delgado@avepoint.com
AvePoint
I work for
Me

4. Our deep-dive today
Lets go ……
AWARENES
S
Understandin
g Compliance
COMPLIANCE
JUNGLE
What’s out
there
WHERE DO
WE GO
FROM HERE?
And what’s our
objective?
BRILIANT
DEMO
AvePoints
Compliance
Guardian

5. Awareness
Understanding
Compliance

6. Compliance should
not be a burden nor be
an obstacle for daily
business activities

7. First some clarifications

8. “Governance is the set of policies, roles,
responsibilities, and processesthat
guides, directs, and controls how an
organization’s business divisions and I.T.
teams cooperate to achieve business
goals.”
- Micro so ft
Definition of Governance

9. What about Compliance?
Critical Data
Personal
Data
Sensitive
Data
Intellectual
Property
Regulatory
Contractual
Legal
Industry
standards
Things we need or
create
Things we we’re told to do
by
Governance Magic
set of policies, roles,
responsibilities, and
processes
Tools
To help us protect our assets
+
Compliance means incorporating standards that conform to specific requirements

10. AND ADAPTS AT BUSINESS
SPEED
FROM THIS MOMENT ON COMPLIANCE
COOL, SERIOUSIS

11. 64%
Of data breaches are tied to
human error or out-dated
system.
€ 301M
Last year’s financial loss for not
having control on the situation in
western Europe alone.
Why start taking compliance serious
after you feel the pain?
11%
Have some sort of Governance, Risk
or Compliance process in place. But
none have any idea where the gaps
are?
56%
Of organizations are hacked or
information is stolen without them
realizing it.
73%
Of organizations are unaware of the
type of information they’re producing
and it’s value.

12. Preventing is always better
Reputational
Damage
Penalties and
Fines Data
breaches
Most threats
come from
the inside

13. Learn
Respond
and
!

14. Who’s responsible for
the information
produced?

15. o The information produced is
growing to fast.
o Rapid change or expansion of
rules and regulations.
Compliance Audits
Challenges
organizations
face
SecurityNo visibility
Manual Process
o Failed before or will fail when
an audit is held.
o Problems with reporting.
o Limited staff and resources.
o Don’t know what other
business processes are doing
or what’s important to them.
o No alerting when information
is expired or need to be
reviewed.
o No idea of the type of
information and it’s value.
o No security or encryption to
protect data.
o Physical information visible to
non-employees.
o Permission and security
model is a mess or unclear.
o No warning or alert
mechanism.

16. Drivers, Motivators and Benefits
INCREASE SECURITY
NECESSITY FOR INDUSTRY CERTIFICATION
VISABILITY ON INFORMATION STREAMS
ABILITY TO BE PRO-ACTIVE
SUPPORT BUSINESS PROCESSES

17. Collaboration with confidence
It’s a balancing act and a
trade-off at the same time
Transparency Collaboration Data Protection Data
Management

18. Complianceis
not boring, it’s
cool
Therisk is
out there,
start taking it
seriouslyDon’t over do
it and let it
becomea
paper process
Start today!
Key takeaways

19. Compliance jungle
What’s out there

20. Health and
Safety
Accessibili
ty
Security
Types of regulations
Regulations arise or change very rapid
Quality
Control
Privacy
Click me to show
some examples

21. Where does this
come from?
Goverments and organizations who define
standards like, NIST, AIIM, ISO, FINMA and
others

22. Compliance follows
Common themes
CIA Triad
Confidentiali
ty
Integrit
y
Availabilit
y

23. Information must be accessible and
available to the people who should
have access to it and protected from
the people who should not!

24. HIPAA
Health Insurance Probability
and Accountability Act
A fewKey criteria
oData encryption
oInformation can never be lost
oOnly accessable to authorized
people
Industry focus
Pharmaceuticals /
Health Care / Insurance
Summary
Regulations protecting the
privacy and security of
certain health information

25. PCI DSS
Payment Card Industry
Data Security Standard
A fewKey criteria
oBuild and maintain a secure network
oEncrypt transmissions
oStrong access control measures
oTrack and monitor all access
Industry focus
Finance / Retail or any
industry which is involved in
some sort of financial
transaction
Summary
The PCI Data Security
Standard represents a
common set of industry tools
and measurements to help
ensure the safe handling of
sensitive information.

26. SOX
Public Company
Accounting Reform
and Investor Protection
Act
Industry focus
Every organisation which
wants to be listed on the US
stock exchange or do
business with the US
government
Summary
In a nutshell it comes down to “CorporateAccountability and
Responsibility”. You know what’s going on in the organization and
have a complete control and overview at all times. This includes
financials, products and services.

27. FDA Part 11 specifies a number of requirements for software systems to
enable trustworthy and reliable electronic records and signatures. Part
11 applies to records in electronic form that are created, modified,
maintained, archived, retrieved, or transmitted. Its primary benefit is to
assure quality and performance of the systems deployed to manage any
cGxP process.
Electronic Records,
Electronic Signatures,
Scope and Application
21 CFR Part 11
Industry focus
All industries which have
to have some sort of
quality control and trace
system
in-place
Summary

28. NEW TREND OR RISK FOR THE
FUTURE
DIGITAL
TRANSFORMATION
IN ORDER TO STAY AHEAD OF THE GAME
CUSTOMER ENGAMENT
SERVICES
COMPLIANCE NEEDS TO BE COME A SERVICE
PARTNER
/
ALIGN WITH THE
BUSINESS
MAKE IT MORE CUSTOMER-
FOCUSED
PROTECT COMPANIES
ASSEST
AND

29. Similarities
between
regulations
Adjust to
business
needsand
speed
Knowyour
regulationsand
knowyour
business
processes
Key takeaways

30. Let’s put
Simple and
Flexible back
to work !

31. Where do we go from
here?
And what’s our
objective?

32. How to keep a grip on
the situation
Compliance Life-
cycle
Prevent
Detect
Track
Respond
and
Resolve
o Know what to prevent
o Know from what to prevent it
o Know why to prevent it
o Security policies
o Rights Management Policies
o Separation of duties
o Four-eyes checks
o Secure and encrypted access
o Classification by metadata
o Content ID
o Image recognition
o QR or Barcodes
o Scan for keywords or
phrases
o Custom triggers and rules
o Direct Lock or Quarantine
o Alert and notifications
o Real-time scanning
o Gain understanding and insights,
compliance dashboards
o Automation of Reports
o Monitoring and Notifying
o Use metrics that make sense

33. Compliance recipe
High-level focus where to start
Preparation
Identification
of information
and it’s value
Our
Standards
and
Regulations
Match the
Similarities
Turn it into a
daily processPositioning
Automated
tooling
1 2 3 4 5 6 7

34. 1. Positioning
Compliance shouldn’t be treated as a project or
as a
bolt-on, but should be at the center of a business
COMPLIANCE

35. 2. Preparation
Those who fail to prepare should prepare to fail
Define your compliance
goals, set a vision
oTighter Security
oEfficient collaboration with
partners
oTransparency
oIndustry Certification
Understand Criteria and
Benchmarks
oHow do I know if I’m
compliant?
oWhat does the information tell
me?
oHow can I use it to support
business activities?
Gather your team of
experts
oFrom within and outside the
company. (Legal, HR, IT, etc.)
oKnow what they are doing
and what’s important to them.
Commitment and
Authority
oIf the driver holds the keys,
they drive and not the owner or
passengers
oManagement Commitment
and Signoff

36. 3. Identification of information
and it’s value
Identify the type of data
your organization
produces
oWhat’s the value to the user
and the company?
oWhat product, process or
service depends on it?
Accuracy
oCheck if the information is
still accurate and reliable.
oAre we all working with the
same version?
oWhen was it last checked?
Automatic tooling
oUse the right tools in
conjunction with the existing
infrastructure to enforce and
control policies.
oGuide people through a
process to reduce mistakes.
oClassification and auto
tagging

37. 4. Our Standards and Regulations
They are all different
Identification
oSummarize all the regulations
you need to be compliant with.
oFigure out the similarities.
oFind out your company’s
strong points and weaknesses
Industry overlap
oThe term industry is really
broad. If you’re an airline and
clients can book tickets
directly. You also need to be
compliant with certain financial
regulations.
Country
oRegulations are derived from
each other but might be stricter
depending on your country
your supplier or your client’s
location.
Industry Certification
oDo you need to be certified in
a specific field?
oDo the industry certification
differ per country?

38. Regulation Type B
Country A
Regulation Type A
Country B
Regulation Type A
Country A
5. Match the similarities
o Prioritize, which one is most
important
o Overlaps with which product or
service
o Who’s responsible for what
o What are quick wins
o Categorize them by

39. 6. Turn it into a daily process
Everyone is responsible so get them
involved
How compliant are you
oAnalyze and fill in the gaps to
improve?
Monitor
oMonitor regulation changes
oMonitor Business needs
oAlign with company vision
and strategy
Reporting
oBuild useful reports
oBuild compliance dashboards
for live changes (Power BI)
oKnow what information you
produce and who uses it.
oWhere is it stored now?
Activities
oReport the right information to
the right people
oDelegate tasks
oCompliance and protecting
your organization’s assets is a
team effort

40. How do you know if your compliancy
is going the right way?
Constant monitoring and reporting is key
Not yet
compliant
Compliant
to criteria
ABC
63%
37%
o Define the different reports you need for the
regulations
o Define your criteria on what you need to report
o Create compliance dashboards (Power BI)
o Know who’s responsible for the part of the business
process and delegate the task

41. Identify thecapabilitiesof the
toolswithin your existing
softwareportfolio what it can do
and howit can help you on your
compliancejourneyAnalyse the gaps
User Repository
Workflow
Full fidelity Data Protection and Recovery
Audit trailing
Logging
Separation of Duties
Notification
Identity and Access Management
Authentication mechanism
Azure Intune Bring Your Own Device
Alerts
Azure Rights Management
SAP
Mobile and MobilityPowerShell
Social Media
eDiscovery and Vault mechanisms
Hardware Appliances
OneDriveSlype for Business
Data Loss Prevention
SharePoint
Office 365
Exchange
7. Automated tooling

42. AvePoint, filling the gaps
SharePoint, Office 365,
Yammer, File shares and more
Prevent
Detect
Track
Respond
and
Resolve
o Governance Automation
o Compliance Reports
o Administrator
o Compliance Guardian
o Vault
o eDiscovery
o Compliance Reports
o Administrator
o Compliance Guardian
o eDiscovery
o Compliance Reports

43. AvePoint Compliance Guardian
Provides Automated Risk Mitigation
System to Scan, Classify, Protect,
and Audit Collaborative
Environments

44. Sh wtime!

45. Key takeaway summary
Align with
business
needs
Balance
and
Trade-offs
Don’t
wait
Know your
organizations
values and
importance
Keep it
Simple
Compliance
isbroader,
look further
than thetip
of your nose

46. Now it’s your turn to
become compliant!
If you need some help we’re just a few
mouse clicks away….
Questions and Feedback are highly appreciated
Not a big talker?
Just send usan
email
roberto.delgado@avepoint.com
maarten.boonen@ctp.com
roberto.delgado@avepoint.com
maarten.boonen@ctp.com
Thank you for your interest

47. Resources and
References
Abbreviations
Compliance Guardian introduction
video
Resource links
AIIM Association for Information and Image
Management
NIST National Institute of Standards and Technology
CFR Code of Federal Regulations
cGxP Current Good X Practice
(FDA compliance; X can mean: Clinical,
Laboratory, Manufacturing, Pharmaceutical,)
FINMA The Swiss Financial Market Supervisory Authority
GRC Governance, Risk and Compliance
© 2015 Cambridge Technology Partners, Proprietary &
Confidential
What is Microsoft Azure Rights
Management

51. Use CTRL together with + or – to zoom
ComplianceGuardianon-
premise

52. Use CTRL together with + or – to zoom
ComplianceGuardianon-
premise

53. Use CTRL together with + or – to zoom
ComplianceGuardianonline
AvePointcloudservice

54. Use CTRL together with + or – to zoom
ComplianceGuardianonline
AvePointcloudservice