  • Organizations in Cyprus operate in uncertain and changing environments with challenging socio-economic and cultural influences that may affect their ability to meet their objectives. The impact of this uncertainty can be determined through analysis of market, credit, operational and reputational risk. Based on the above, organizations examine, understand and evaluate the risks, and then take the necessary risk mitigation steps to increase the probability of success and reduce the likelihood of failure and its impact. GRC (governance, risk management and compliance) focuses on processes that include document control and enterprise information management (EIM).

    A PROACTIVE APPROACH TO RISK MANAGEMENT

    Organizations need to integrate content from multiple sources to deliver timely, consistent and meaningful information to their business processes in order to manage cost and meet business goals, while achieving regulatory compliance. Enterprise Information Management is a strategic combination of components and services that meet these challenges. The methodology involves scanning, data capture, management, preservation and delivery of information through structured physical and digital systems encompassing document management, imaging, records management, workflow and regulatory compliance management. These systems help organizations of all sizes and in all industries better organize their structured and unstructured, physical and digital repositories in an effort to better manage and harness an ever-increasing amount of content.

    Outsourcing and building strong partnerships as part of an EIM strategy is critical for organizations to take advantage of industry expertise and economies of scale. Typically, though, most organizations do not outsource or invest in an EIM solely to mitigate risk. The main business driver is the opportunity to save time and money while improving business performance, supporting a less-paper office and the automation of business and internal processes. This is something that has driven the information management industry for the past decades. An effective EIM solution will reduce the time, cost and complexity associated with storing, locating and collaborating on documents and data throughout the information life cycle. A successful implementation will improve operational efficiency and access to critical content, as well as address quality and compliance activities and requirements.

    Since corporate focus is also on risk mitigation, managing information is all about security and compliance, based on standards and regulations. Typical risks from a failure of information governance are possible penalties for non-compliance, excess litigation costs, an inability to respond to requests for information, and possible audit qualifications due to inadequate records. A proactive approach to risk management would include measures to ensure that your information is secure, searchable, retained and disposed of according to industry and legal requirements.

     

    THE CASE FOR ENTERPRISE INFORMATION MANAGEMENT

    For those organizations that have implemented a structured approach and methodology for EIM, risk mitigation is vastly simplified, through various applications within each organization, in order to meet their corporate goals.

    1.      Simplify audit controls and ensure data accuracy

    EIM can help streamline audits with the ability to quickly and efficiently produce evidence to verify if the right people are doing the right things at the right time across an organization’s departments and functional groups. It can also provide a clear illustration to auditors of the quality and compliance related activity within an organization.

    An integrated information management system incorporating levelled access controls will dramatically simplify the typical control requirements for security, audit trails and production of records on demand. An indexing strategy ensures that finding documents is simple, based on index values (metadata fields or keys) associated with a document, thus minimizing exposure to possible data misplacement and loss.

    2.      Automate document retention and destruction

    Avoid the risk of deleting records prematurely, keeping records well past their mandated retention periods or retaining information indefinitely, all of which lead to repeated investments in costly storage or exposure to regulatory non-compliance (e.g. GDPR, ISO27K).

    Seamless record and information management allows you to automate retention and destruction schedules, removing the potential for human uncertainty and error. This feature helps to further mitigate risk and ensure compliance both for physical and digital records.

    3.      Manage the marriage of digital and physical information

    Most organizations struggle to differentiate between the physical and digital aspects of information. Paper processing still plays a large role in EIM, both locally and internationally. Managing the marriage of digital and physical information through a structured EIM approach is as crucial for the operations of an organization as it is for the mitigation of corporate risk.

    4.      Monitor your activities and processes

    As companies strive to create order from the chaos that has resulted from the unprecedented amounts of information they produce, Enterprise Content Management (ECM) has become one of the fastest growing areas of Information Technology and a crucial component of information management as a whole.

    Risk management and risk mitigation are enhanced through ECM workflows and processes, due to the strength of real-time monitoring and notifications on activities defined by each organization based on its risk profile. A proactive risk-based approach is highly achievable without the requirement for extensive resource allocation or data mining.

    5.      Enhance Customer Experience

    Customer service starts with responsiveness and quick turnaround, only achieved through a structured EIM system, especially for organizations dependent on data and information retrieval on a frequent basis. Integration of digital and physical records enables advanced options to customers, partners, and staff members. In addition, customer satisfaction data, customer complaints, incident reporting and similar types of documentation, can be captured, combined and managed through the EIM. This will result in efficient management of risk with real time data.

    Integrated Risk management, assisted through the implementation of an EIM, allows you to take a proactive approach to business continuity and corporate governance. Rather than putting policies in place after a catastrophic event, such as an audit or a loss of consumer confidence, it is far better to equip your organization with the tools that ensure a risk-based approach to compliance and customer satisfaction.

    With the right partners and tools, you can prepare your organization to thrive and face all foreseeable adversities and challenges, related to information management in an integrated risk management and mitigation strategy that can help each organization improve business performance and customer experience.

    GDPR AND ENTERPRISE INFORMATION MANAGEMENT 

    Europe’s new General Data Protection Regulation (GDPR), which will come into effect in May 2018, requires and embraces a risk-based approach to data protection, through a redesign of the internal systems and controls of all companies. Throughout the GDPR, organizations that control the processing of personal data are encouraged to implement protective measures corresponding to the level of risk of their data processing activities.

    The concept of risk analysis appears in all measures companies should implement to assure adequate data security. This implicitly includes the necessary risk management process regarding the criteria set forth for authorities when assessing penalties to companies for non-conformity. These penalties could amount to a severe impact on any company, considering that a 4% penalty on global turnover or 20 million Euro penalty (whichever is higher), is something most companies could not afford. Thus, risk analysis and mitigation measures may extend beyond the data security provisions, encouraging a risk-based compliance approach to many areas of the Regulation, thus introducing the concept of privacy by design.

    The GDPR guides companies to implement appropriate technical and organizational measures to ensure compliance. These measures should reflect the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of individuals. The reference to likelihood and severity in essence reflects the general approach to any risk assessment or business impact assessment schedule.

    Companies can reduce their exposure to penalties by demonstrating their adherence to traceable and well-documented procedures, workflow mechanisms and policies. Taken together, the GDPR and the local authorities suggest that fines should be imposed in accordance with the risk profile of the operation and the extent to which each company appropriately addressed the risk. The sensible assumption and word on the street remains that a company will face significantly reduced fines or avoid fines altogether by addressing the risk of its activities, even if such measures fail to prevent a data breach or another important GDPR non-conformity.

    Records Indexing and Metadata management can play an important role in helping companies comply with the various GDPR requirements. When leveraged within an EIM integrated system, accurate content management helps companies correctly categorize and manage all records (physical and digital) according to GDPR requirements.

    For example, contracts and invoices by their nature contain sensitive customer information. A well-planned EIM system can manage indexed “contract” or “invoice” documents with specific references to the person whose data is in each file. This reflects the obligation in the GDPR for data portability and the right to be forgotten, which allows any data subject (citizen) to request that companies provide an index of his/her particular data stored by the company, request a transfer to another business entity, or even request that all related data be erased.

    Once a file or object is indexed as containing personal data, the EIM, usually through support from an ECM, can automatically initiate other actions to ensure proper treatment and handling of information according to the GDPR, such as: 

    • Data encryption
    • Applying access control and permission management to each type of record
    • Enforcing retention policies
    • Preventing files and objects from being transferred outside of the organization without specific authorizations, which can be easily managed through workflows
    • Tracking any modifications to personal records
    • Relating explicit consent documentation to each corresponding record type, e.g. explicit consent for use of personal data for marketing purposes
    • Providing an audit trail for compliance

    A correctly established information management system will bring order, consistency and efficiency to each task, making it faster and easier to become GDPR ready. It largely takes decisions about how to handle personal and sensitive data out of the hands of individual employees and instead applies an auditable data governance policy.

    About Fileminders

    Fileminders is the leading Enterprise Information Management (EIM) company in Cyprus and one of the most innovative Information Processing companies in the region. It is a Trusted Partner for leading businesses in Cyprus, which have managed to enhance their cost effectiveness by reducing paper-handling inefficiencies, optimize their info-driven business processes and mitigate corporate risks associated with information discovery and regulatory compliance. Fileminders has extended industry experience of more than 13 years with more than 700 clients from all industries of all sizes, recognized expertise, intelligent infrastructure, advanced technology equipment and a fully integrated information management system.

    The company has successfully helped organizations of all sizes to attain efficiency and mitigate risk by managing the entire Information Management Cycle. It offers a complete end-to-end EIM solution, which includes secure storage of physical documents, document scanning and capturing, Enterprise Content Management (ECM), Business Process Management (BPM) and secure destruction of obsolete information. The goal is to streamline manual and paper-intensive business processes that cause information silos and document bottlenecks, and to do so cost effectively, securely and reliably, in compliance with strict standards of information security.

    Click here for the English version of the article published at Cyprus Weekly magazine.

    Click here for the Greek version of the article published at Phileleftheros magazine.

     


Christoforos Christoforou
Risk and Strategic Planning Manager
