Compliance

Information Security in the Digital Age [Podcast]

This is the first of what we hope to be many podcasts in which we explore the technology and culture of Enterprise Information Management (EIM). We’re going to share stories about how OpenText is delivering world class technology and improving our Customer Experience on a daily basis. In this installment, we hope to give you a better understanding of the current cyber security climate, show you what we’re doing to keep your data secure and protect your privacy, and tell you how you can protect yourself online. Our discussion on information security has been recorded as a podcast! If you’d like to listen but don’t see the player above click here. If you don’t want to listen to the podcast, we’ve transcribed it for you below: … The unknown unknown… … If it was three in the morning and there was a bunch of guys standing down a poorly lit alley, would you walk down there by yourself? Probably not. Yet on the Internet, we do that continuously—we walk down that street—and then we’re shocked when negative things happen… … People have an expectation that once they put a lock on their door they’re secure. And that might be the case in their home. But electronically it’s not quite so simple… Are we safe online? Perhaps a better question is whether our information is safe online. 2014 was a banner year for information, data—what we now call cyber—security, and if analyst reports can be any indication, security professionals are on high alert in 2015. International governing bodies have also placed an urgency on better understanding cyber security risks and putting in place strategies to ensure stable telecommunications and safeguard information. There has also been growing concern around data privacy. Though security and privacy work hand-in- hand and it’s difficult to have data privacy without security, there is a difference between the two terms. Security involves the confidentiality, availability and integrity of data. It’s about only collecting information that’s required, then keeping that information safe and destroying it when it’s no longer needed. On the other hand, privacy is about the appropriate use of data. To help us through the topic of cyber security, we talked to Greg Murray, VP of Information Security and Chief Information Security Officer at OpenText. The OpenText security team is made up of specialists around the world who provide operational response, risk assessments and compliance. They also brief executive leadership regularly, and keep development teams abreast of pertinent security information. More importantly, Greg and his team work with our customers to ensure their unique security needs are covered end-to-end. “It starts early in the process,” says Greg. “It starts in the presales cycle where we try to understand the risks that [our customers] are trying to manage in their organization. We find out how they are applying security against that, and then that becomes contractual obligation that we make sure is clearly stated in our agreement with the customer. From there, it goes into our operations center—or risk center, depending on what we’re looking at—and we ensure that whatever our obligations, we’re on top of them and following the different verticals and industries.” Again, 2014 was a big year for cyber security in the news (I think we all remember the stories of not too long ago). But while news agencies focused on the scope and possible future threats, Greg learned something else: “I think if we look at media, one probably would not have argued until last year that media was a high threat area compared to something like aerospace defense. That has changed. Clearly that has changed. As a result, customers come back and say, ‘Hey, our environment has changed. What can you do to help us with that?’” “What a financial institution requires is very different than what a manufacturing provider requires or a pharmaceutical organization. Some of that, as a provider to these organizations and customers, we can carry for them on their behalf. In other cases they must carry it themselves. A lot of the discussions that we have with customers are in regards to ‘Where’s that line?’” “At the end of the day, there’s a collaboration. It’s not all on the customer, it’s not all on OpenText. We have to work together to be able to prove compliance and prove security across the environment.” Regardless of the size, industry or location of an organization, security needs to be a top priority. This concept isn’t a new one. As Greg told Adam Howatson, OpenText CMO in a recent Tech Talk interview, information security hasn’t evolved that much over the last 50 years (view the discussion on YouTube). Greg’s answer may surprise, but after some digging I learned that back in 1998, the Russian Federation brought the issue of information security to the UN’s attention by suggesting that telecommunications were beginning to be used for purposes “inconsistent with the objectives of maintaining international stability and security.” Since then, the UN has been trying to increase transparency, predictability and cooperation among the nations of the world in an effort to police the Internet and private networks. Additionally, if you have seen the Alan Turing biopic The Imitation Game, you know that people have been trying to encrypt and decipher messages since the 1940s and probably even earlier. Today, the lack of physical borders online has certainly complicated things, but the information security game remains the same, and cooperation among allies remains the key. “Are we all contributing together?” Greg asks. “If we’re all working together—just like Neighborhood Watch—we need that same neighborhood community watch on the internet. If you see stuff that doesn’t look right, you should probably report it.” The bad guys are organized and we need to be organized as well. The more we share information and the more we work together… Particularly at OpenText, we have a lot of customer outreach programs and security work where we work hand-in-hand with customer security teams. By doing that, we improve not only our security, but we improve security across the industry.” Recently I attended a talk given by Dr. Ann Cavoukian, former Ontario Privacy Commissioner and Executive Director at the Privacy and Big Data Institute at Ryerson University in Toronto. In it, she said that “privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation.” She said that privacy—which again, involves the appropriate use of information—must be at the core of IT systems, accountable business practices and in the physical design and networked infrastructure. Privacy needs to be built into the very design of a business. And I think it’s evident from what Greg says about security, and the way OpenText designs its software with the users’ needs in mind, that our customers’ privacy and security is an essential part of what we offer. “We have a tremendous number of technical controls that are in place throughout all of our systems. For us, though, it starts on the drawing board. That’s when we start thinking about security.” “As soon as Product Management comes up with a new idea, we sit down with them to understand what they’re trying to achieve for the customer and how we’re going to secure it. So that by the time somebody’s uploading that document, it’s already gone through design, engineering, regression testing analysis, security penetration testing.” “One of the other things we do is called threat modelling. Typically we look at the different types of solutions—whether they’re file transfer or transactional, for example—and we look across the industry to see who has been breached and how. We then specifically include that in all of our security and regression testing.” You don’t need to look further than the OpenText Cloud Bill of Rights for proof in our dedication to information security and privacy. In it, we guarantee for our cloud customers the following: You own your content We will not lose your data We will not spy on your data We will not sell your data We will not withhold your data You locate your data where you want it Not everyone is up front with their data privacy policy, but with people becoming more aware of information security and privacy concerns, organizations are going to find themselves facing serious consequences if they do not make the appropriate changes to internal processes and policy. Data security doesn’t lie solely in the hands of cloud vendors or software developers, however. We asked Greg what users and IT administrators can do to protect themselves, and he said it comes down to three things: “One is change your passwords regularly. I know it sounds kind of foolish, but in this day and age if you can use two-factor or multi-factor authentication that does make a big difference.” “The second thing you can do is make sure your systems are patched. 95% of breaches happen because systems aren’t patched. When people ask ‘What’s the sexy side of security?’, it’s not patching. But it works. And it’s not that expensive—it’s typically included free from most vendors.” “The third thing is ‘think before you click.’ If you don’t know who it is or you don’t know what it is… Curiosity kills the cat and curiosity infects computers.” We hope you enjoyed our discussion on information privacy and cyber security. If you’d like to know more about the topics discussed today, visit opencanada.org, privacybydesign.com and of course Opentext.com. We also encourage you to learn more about security regulations and compliance by visiting the CCIRC and FS-ISAC websites.  

Read More

Business Process: The Future of ECM

For years, enterprise content management (ECM) solutions were adopted primarily for two main use cases. The first was to achieve compliance, and many early adopters of ECM continue to successfully use it to address various regulatory requirements. Compliance provided functionality for records management, archiving, and information governance. A while back I wrote a blog post titled What Features Ensure Compliance? that elaborates on the functionality required for compliance use cases. The second use case was around team effectiveness with functionality such as collaboration, document sharing, and social capabilities. Collaboration is subject to frequent changes in direction as every new technology promises an easier and more compelling user experience—from mobility and social software to file sync-and-share. The frequent feature churn in the collaborative use cases doesn’t go well with the compliance requirements that often need the system to remain unchanged for several years (validated environments, anyone?). ROI and Dependency on the User Not only were the two primary use cases not really well aligned in their feature requirements, they had two additional challenges. Neither use case provides a very strong ROI. Sure, we marketers always calculate the savings in storage and government fines that compliance solutions help you avoid. But let’s face it: preventing penalties is not exactly a hard ROI and storage is cheap (or at least everybody thinks it is). The collaborative use cases are even worse—measuring the ROI here is fuzzy at best and often impossible. The second challenge was the dependency on the users to do the right thing. For the compliance use cases, users were expected to diligently file their documents, weed out their inboxes, type in the metadata, and apply the right retention policies. Obviously, users are not very consistent at it, even if you try to force them. In the case of collaboration, users were expected to share their documents openly with others, comment in a productive way, and stay away from email and all the other collaboration tools around them. As it turns out, this type of behavior very much depends on the culture of the team—it works for some, but it will never work for others. The adoption of any collaboration solution is therefore usually very tribal. So, is there any hope for ECM? Can we get an ROI and get employees to use it without someone watching over their shoulder? ECM: Part of the Process As it turns out, there is a third type of use case emerging. It is the use of ECM as part of a business process. Business processes are something people already do—we don’t have to force anyone. That’s what companies and working in them is all about: everything we do is part of a business process. Business processes are also important, relevant, and very measurable. There is an ROI behind every business process. Every instance of a business process includes the context, which can be used to populate the metadata and to select the right policy automatically. Business processes can handle the automation of content management and don’t have to rely on the end user to do it. But business processes don’t live in ECM. Sure, the process artifacts usually reside in a content repository, but it would be a stretch to claim that the entire business process happens in an ECM application. Nor does it live in the BPM application, even if that application may be the primary application for some users. In fact, there is usually a master application from the structured data world that rules the business process: enterprise resource planning (ERP), customer relationship management (CRM), product lifecycle management (PLM), supply chain management (SCM), etc. That’s why it is important for ECM to connect with the master applications through the business process. This is not just a simple way to link data sets or to hand over data from one system to another. Using modern, REST-based technology, it is possible to achieve integration that goes much deeper and involves users, roles, permissions, classifications, and of course the user experience. Deal with Content Chaos ECM addresses some very important problems that every organization has to deal with. Given the volume and relentless growth of content in every enterprise, it has to be managed. Yet ECM struggled to be adopted widely because of lack of tangible ROI and a difficulty to attract end users. Tying ECM to a business process through a master application addresses these challenges. It may not solve every problem with content in the enterprise and there will still be content outside of any business process, but it will go a long way to dealing with what AIIM calls “Content Chaos”. Click below to view my SlideShare presentation from the AIIM Conference 2015 on the challenges with traditional approaches to ECM and a solution provided by tying ECM to business processes: Business Process – the Future of ECM from Lubor Ptacek  

Read More

Digital Disruption: The Forces of Data Driven Smart Apps [Part 4]

Editor’s note: Shaku Atre (at right, above, at our Data Driven Summit last December) is the founder and managing partner of the Atre Group, Inc. of New York City, NY and Santa Cruz, California. (Read more about Atre here.) Atre has written a thorough and compelling treatise on the disruptive power of mobile apps, and supported her analysis and conclusions with templates and case studies.  We are privileged to present her analysis here in four parts. In Part 1, she made the case for mobile apps and laid out  some of the forces behind digital disruption. In Part 2 Atre described two more disruptive forces, and in Part 3 she shared two templates for creating mobile app case studies. Today, the series concludes with mobile app case studies in financial services, telecommunications, car rental, and pharmaceutical industries. At the end of this post we share a link to download the entire series.  —– Digital Disruption: The Forces of Data Driven Smart Apps [Part 4 of 4] Copyright by Atre Group, Inc.   Case Study 1: Financial Services Let us consider a basic consumer and small business bank as a publisher of a smart app for “Business Advantage Checking with Mobile Banking” Figure 3 Who are the primary beneficiaries? a. The bank’s customers Who are the secondary beneficiaries? a. The banks’ customer base grows with very good referrals. The bank   itself will be the beneficiary.b. Banks make money by using customers’ money in loaning the money at higher rates for loans given out as compared to what the banks pay their customers. c. If a bank has a good amount of money in reserves, the bank can get a better interest rate from the Federal Reserve Bank. d. Telecommunications companies that supply Internet capabilities to the banks e. Credit score companies which keep track of credit worthiness of the individuals f. Government which can put a hold on the accounts if taxes are   not paid g. Mortgage banks; credit card companies; employees: city, state and federal governments with electronic funds transfers from the checking account – any recipients of the EFT Examples of functionalities to be provided by the bank’s App: • The main intent of this app is to have your own bank in your back pocket. • Which devices are used for online banking? (most frequently used devices are as follows – and we will have many more that we can’t even think of): a. iPhone (iOS)b. iPad (iOS) c. Android Phone d. Windows Phone e. Blackberry f. iPad (iOS) g. Android Tablet h. Kindle Fire i. Other Devices • The main functions that are expected of a successful bank are: Login, account authentication, account overview on one screen– easy creation of your own banking dashboard, deposit, bill-pay, transfers, person to person payment, message center, customization, PFM (Personal Finance Management) with possible integration with an accounting software. • Your own banking dashboard addressing needs of different customer segments: Total control of the end-user, customized dashboard with drag and drop capability of widgets, widget catalog, store personal likes and dislikes to make the experience desirable. • Accounts and Transactions: a. Monitoring balances of all types of accounts at the bank: checking, savings, debit and credit cards, mortgage loans,    personal loansb. Transaction details with various filtering options, tools to help categorize and tag. c. Tracking of completed as well as pending transactions, ATM withdrawals and deposits, check deposits, cash deposits, online    deposits, warnings about when the deposited money will be available to withdraw, grouping of accounts, joint accounts and       setting limits how much each person can withdraw at once-        within what timeframe, adding accounts from other external banks • Deposits & Loans: a. Keep track of details of deposits and loansb. Verify on an ongoing basis credit card limits, credit card payments each month, loans and overdrafts, interest rates, c. Prioritize repayment schedules paying the highest interest rates’ loans first, etc. d. New loan application process simplification • Money Transfers & Person To Person Payments: a. Money transfers of multiple types such as P2P (Person to Person) Transfers, as well as Account to Account Transfers (A2A)b. Domestic Transfers and International Transfers c. Scheduled and Recurring payments are supported d. Connection with social address books so that friends can transfer money using email addresses or mobile phones e. Transfers that are pending or scheduled are watched • Bill Pay: a. Vendors should be able to email bills to a secure message centerb. Optical Character Recognition and mobile scanning capabilities for paper invoices for previously verified vendors for quick      payments • Split & Share: a. Receiving invoices together and splitting them by automatic debits of accounts among already declared friendsb. Social address books to be integrated with the banking transactions • Alerts: a. If the balance in the account goes down to a certain amount an alert message is sent to the account holder’s smartphoneb. An alert about a bounced check and charge taken out of the checking account • Which services would you like to search for? a. ATMsb. Banking centers c. 24-Hour ATMs d. Banking centers open Saturdays e. Drive-Up ATMs near my current location Which parts of Big Data can be stored and used?   Figure 4 • Customers’ Data Storage: • Primary Beneficiaries: direct deposits, direct debit, EFTs, account to account & person to person transfers, balance transfer, account management with QuickBooks Integration • Customers’ (Primary & Secondary) Transactional Data: • Customers’ invoices & archived internal data • Potential Customers’ Data Storage: • Data such as referrals received, Credit scores, accounting integration • External Data Storage: • Marketing and Industry big data such as: FIX, SWIFT, competitive data; data such as: Bank Reserves, Troubled Banks, Prime Rate Changes are streamed   Case Study 2: Telecommunications Let us consider a Mobile Telecommunications Service Provider as a publisher of a smart app for Smart Telephone Service Provider   Figure 5 Who are the primary beneficiaries? • Consumers, small and large business owners Who are the secondary beneficiaries? • Telephone manufacturers• Independent telephone service providers • Insurance companies insuring hardware • All types of industries that have mushroomed with mobile equipment and services Examples of functionalities to be provided by the telecom’s App: • View your usage• Purchased Extras • Manage your plan & Extras • View recent transactions • Top Up – Credit Card • Top Up – Prepaid Voucher • Pay your bill • View Activity – For Prepaid • Alerts & Notifications – For Prepaid Novel Apps for Telecom: • Public health: e. g. Ebola Outbreak: • Connect with Toll Free Numbers necessary human resources needed to help save lives at a massive scale. Telecom and Internet are the two most important ingredients. • Interactive voice response currency converter App: • Providing up-to-date exchange rate information • Finding missing children           Which parts of Big Data can be stored and used?   Figure 6 • Customers’ Data Storage: • Customer’s usage, recent transactions, Voice usage, data usage, bill payment, top-up credit card • Customers’ Transactional Data: • Customers’ invoices & archived internal data • Potential Customers’ Data Storage • Telephone manufacturers’ special discounts, Insurance companies’ special offers for lost telephones, special deals • External Data Storage • Telephones’ sales statistics, regulatory commissions data, marketing campaigns by various telephone service companies, FTC rules and regulations   Case Study 3: Car Rental Let us consider a car rental company as a publisher of a smart app for “Automobile Traffic Management App – ATMA” Figure 7 Primary Beneficiaries of the App: Drivers, accompanying passengers Secondary beneficiaries of the App and what are their benefits? 1. Police Department • Severity of the accidents’ info and any actions necessary based on that info 2. Hospitals • Which types of ambulances should be sent and how big should they be?• Which specialty of physicians should be ready to help the injured people? • Which equipment should be kept ready? 3. Property & Casualty Insurance Companies • Which roads are hazardous and cause property damage?• Which drivers are “high risk”? Examples of functionalities to be provided by ATMA: • ŸTraffic Maps to show the travel route taken by the driver (a visualization)• Alerts (Deployment of mobile technology – Speaking App – the driver can set the timer about how often the app should be speaking, e.g. every five minutes or every ten minutes) • Traffic Congestion: i. Maps – a visualization that integrates a map with easy to understand visual icons such as bumper to bumper traffic, ambulances, etc. ii. What type of interaction could be provided to avoid hazardous situations iii. The possible reasons for the backup 1. Construction 2. Accident 3. A specific event 4. Inclement weather iv. How long is the backup as far as the time is concernedv. What is the average speedvi. How long is the expected delay to reach the destination vii. What is the average speed? viii. Should someone be informed about the delay? (This information could be set up before starting the journey. If the delay is longer than fifteen minutes the consumer should be informed with a text message.) Which parts of Big Data can be stored and used? Figure 8 • Customers’ Data Storage: Driver’s information about driving records, DMV records, car information, starting and ending locations, etc. • Customers’ Transactional Data: Customers’ invoices & archived internal data • Potential Customers’ Data: Police reports of various accidents, hospitals’ reports, insurance claims, state & county roads renewal plans, new construction plans • External Data Storage: State Highway Patrol Data, Road Sensors Data, Maps, Construction data updates, previous accidents data in each part of the traffic area Which parts of Big Data could be used? i. State Highway Patrol Dataii. Road Sensors for accurate readings iii. Maps should be zoomable, clickable and should provide accurate speeds for each exit along the highway. iv. Drivers should be able to report by “speaking” in the car, keeping both hands on the steering wheel, about any incidents on the roads and that “voice data” could be a part of the “Big Data” for traffic information What are novel ways for decision making by drivers? v. Getting alerts to save timeo By driving routes with less traffic vi. Avoiding hazardous situations vii. Recording the problem areas in the database stored in the automobile’s database memory and evaluating the database records before starting any trip which is going to be longer than an hour viii. The app informing the parties at the destinations so that they know that the driver is delayed because of such and such ix. If a restaurant lunch or dinner is set at a certain time requesting scheduled time of reservation and estimated time of delay and another 15 minutes x. Police reports of various accidents, hospitals’ reports, insurance claims, state & county roads renewal plans, new construction plans   Case Study 4: Pharma Let us consider a pharmaceutical company as a publisher of an app and people with ailments as primary customers and pharmacies, Physicians, Hospitals, Clinics, Medical Insurance Companies, Medicare, and Medicaid as secondary customers. Figure 9 Examples of functionalities provided by the Pharma Apps: • Diary based apps: • Assisting the patients with the day, the time, and the dose taken or to be taken. Medication passport (Astra Zeneca) with names of the medications, doses and timings of the drugs.• Glucose monitoring apps for patients afflicted by diabetes. • Helping patients to track test results and appointments. (Eli Lilly – MyNet Manager) • Contraceptive reminder My iPill by Bayer • Procedures: • Showing how to administer certain procedures e.g. self-administered insulin injection to the diabetes patients. (Eli Lilly) • Educational: • Foods that reduce the risk of a diabetes on one side and the ones that exasperate on the other side (Boehringer Ingelheim’s Complications combat) • Alerts: • Sending alerts to family members when someone doesn’t take their medication– ad produces charts showing adherence to treatment regimens. (Johnson & Johnson’s subsidiary – Janssen – about half of the patients miss medications) • Weight Loss: Keeping track of the weight, food intake (Noom Weight Loss Coach) Which parts of Big Data can be stored and used? < Figure 10 • Primary Customers’ (Patients’) Data Storage: • Patients report which drugs they take, related improvement in ailments, Undesired reactions experienced by the patients, severity of the reactions • Customers’ (Primary & Secondary) Transactional Data: • Customers’ invoices & archived internal data • Potential Customers’ Data Storage: • Pharmacies record sales of drugs, the most frequently sold to the least frequently sold, which physicians recommend which drugs • External Data Storage: Data from National Health Services, Global Registry of Coronary Events (GRACE), Center for Disease Control (CDC) Prepare and act to handle the Digital Disruption which is rumbling around the corner. —– These four blog posts by Shaku Atre are available as PDF downloads here: Parts 1 and 2. Parts 3 and 4.  References for Parts 3 and 4: Mobile Application Development: http://en.wikipedia.org/wiki/Mobile_application_development Telecom: http://help.spark.co.nz/app/answers/detail/a_id/33187/~/smartphone-app http://tadsummit.com/2013/ http://blog.tadsummit.com/ Pharma: http://www.fiercebiotechit.com/special-reports/20-big-pharma-and-biotech-mobile-apps-2013?page=0,0 Some of Iodine’s competitors: http://www.webmd.com/drugs/index-drugs.aspx http://www.drugs.com/drug_information.html http://www.mayoclinic.org/drugs-supplements One difference between Iodine and its competitors is Iodine’s data-driven approach vs. other competitive websites’ content-driven approach. Here is the write up about Iodine in The New York Times dated Wednesday, September 24, 2014: http://www.nytimes.com/2014/09/24/technology/to-gather-drug-information-a-health-start-up-turns-to-consumers.html?module=Search&mabReward=relbias%3Ar%2C%7B%221%22%3A%22RI%3A6%22%7D Embedded Analytics: http://www.slideshare.net/JessicaSprinkel/the-complete-guide-to-embedded-analytics New York City Medallion: http://www.nytimes.com/2014/11/28/upshot/under-pressure-from-uber-taxi-medallion-prices-are-plummeting.html?module=Search&mabReward=relbias%3Ar%2C%7B%222%22%3A%22RI%3A17%22%7D&_r=0&abt=0002&abg=1  

Read More

Health Care Organizations’ Email Security Isn’t Making the Grade

So, it looks like a lot of health care organizations are flunking email security. According to the “state of email trust” survey cited in a recent Fortune Magazine article , health care organizations “severely lag” when it comes to securing email communications. In fact, the article states that an email, “purportedly sent from a typical health insurance company is, for instance, four times likelier to be fraudulent than an email that claims to be from a social media company.” A spokesperson from the surveying organization went on to state that “The poor folks in health care have traditionally not had much digital interaction. They’re the ones furthest behind by a country mile.” Considering the strict security compliance regulations in the space, this is disconcerting for the health care industry. The article went on to explain that only one of the 13 health care companies surveyed surpassed the ‘vulnerable’ category when it came to implementing three standard secure email protocols: Sender Policy Framework, or SPF, which checks emails against a list of authorized senders DomainKeys Identified Mail, or DKIM, which verifies the authenticity of a sender through encrypted digital signatures   Domain-based Message Authentication, Reporting, and Conformance, or DMARC, which checks emails against a published record on a company’s servers, notifies the company of any potentially spoofed emails, and rejects suspicious emails as spam Fortunately, solutions like OpenText Secure Mail support these security protocols while tracking, encrypting and controlling the distribution of your secure email messages. One key feature of Secure Mail that might help some of these “vulnerable” health care companies is Data Leak Prevention (DLP). This capability limits access and transmission of sensitive information based on specific security policies. Features like this position Secure Mail as a strategic business tool for organizations looking to maintain the confidentiality of protected health care information.

Read More

Healthcare Data Breach Hits Top Insurer

It looks like the report was accurate. I recently blogged about a Healthcare Informatics article entitled “ Report: Healthcare Data Breaches Expected to Increase in 2015 ”. The article discussed a report stating how Personal Healthcare Information’s (PHI) continued shift towards digital formats will heighten exposure to data breaches. Unfortunately the report might be right; according to an article in Health Data Management health insurer Premera Blue Cross was just hit by a “sophisticated cyberattack.” Premera said hackers may have accessed vital insurer member and applicant information such as names, dates of birth, email addresses, social security numbers and bank account information. Premera is working feverishly to address this “giant hack” however possible. It goes without saying data security is an extremely important compliance issue for the healthcare sector (HIPAA, anyone?). This news only amplifies the fact healthcare organizations must consider successful implementation, as well as consistent assessment, of electronic data security policies a non-negotiable. Depending on the organization, PHI is shared in various ways – regardless of whether it’s by fax, email, or managed file transfer. Each tend to play key roles in the exchange of PHI. In most cases these modes of electronic data transmission have security features like message encryption in-transit and at-rest, Data Leak Prevention (DLP), specialized viewing privileges and much more – all of which drive the protection, integrity and security of electronic PHI. If anything, Premera’s experience should prompt healthcare organizations to vigilantly re-evaluate the quality of their security measures for protecting electronic PHI. To learn more about how OpenText Information Exchange products can help, please click here .

Read More

How B2B Integration Drives Superior Supply Chain Performance

Today’s manufacturers face a constant challenge of balancing supply chain efficiency with the investment placed in their B2B integration platform. To try and get a better understanding of whether increased use of B2B solutions and services impacts the performance of a supply chain, OpenText sponsored a new B2B integration related study with IDC Manufacturing Insights. This blog will briefly summarise some of the key findings from the study. IDC conducted a one hour qualitative survey with 270 global manufacturers across the automotive, high tech and consumer product goods sub-sectors. We had representation from eight countries including Brazil, China, France, Germany, Japan, South Korea, UK and North America. In order to try and develop the hypothesis, IDC asked a number of questions about current B2B implementation initiatives across the 270 companies and they also asked questions relating to key supply chain metrics across each company. I spent a few months working with IDC on this study, so let me just highlight some of the B2B responses first. The first question looked at the key business initiatives that companies were embarking on over the next three years and international expansion into new markets was the key project as shown by the chart below. It is interesting to note that while many companies are trying to improve supply chain visibility and improve supply chain responsiveness they were not as high up in the chart as international expansion, develop more services and reduce operational costs. Indeed diversification into new sub-sectors is a key activity for many manufacturers today, for example high-tech companies exploring new opportunities in the growing electric vehicle market. In order to try and understand how pervasive B2B technologies were across the companies surveyed, the next question asked about the volume of electronic transactions that were being conducted today. Given the consumer driven, fast moving nature of the automotive and high tech sectors, I guess it is no surprise that it is these two industries that are exchanging transactions electronically with more than 75% of their trading partners. CPG on the other hand has a relatively low level, probably due to the fact that many CPG goods are manufactured in countries such as India and China where the use of B2B tools is relatively low when compared to other manufacturing hubs around the world. The study found there were a number of business drivers for companies needing to improve their B2B environment over the next three years. According to leading analysts, the manufacturing sector is going to be the fastest growing adopter of new Governance, Risk and Compliance (GRC) regulations. This was confirmed by the responses to our study which said that increased regulatory compliance was the number one reason why companies were increasing investment in their B2B infrastructure. This was closely followed by an increasing pressure from customers to adopt B2B integration processes. The survey showed that there was a marked shift in terms of the key barriers to adopting new B2B services. One of the main barriers in the past was getting top level management buy in that B2B integration could bring significant benefits to the business. Our study showed that this barrier was the least likely to prevent a new B2B project from starting. In fact the number one barrier to increased B2B adoption was competing IT projects such as ERP. ERP is typically the number one focus area for CIOs and as such tend to get the most budget and resources to deploy. ERP systems typically have to be live by a specific date and if the date slips then IT resources from other projects are pulled in as required. This could leave other IT projects such as a B2B on-boarding project severely exposed. Even when companies have deployed an ERP and B2B environment, our study showed that nearly 40% of companies had still not integrated their ERP and B2B platforms together. Here at OpenText we find ERP B2B integration projects as a key driver for companies adopting our B2B Managed Services environment. In terms of the benefits gained from B2B integration, companies cited lower inventories as the main benefit. This was most apparent from nearly 60% of automotive respondents who have invested heavily in recent years following the last economic downturn and to help support their global expansion initiatives. As I highlighted at the beginning of this blog post, the study was truly global in nature, covering all the major manufacturing hubs around the world and I just wanted to briefly highlight some of the key findings by region: 71% of German companies trade electronically with less than 50% of their trading partners 80% of Japanese companies said that inventory reduction was a key benefit of B2B integration 62% of US companies trading electronically with more than 50% of their trading partners 27% of Chinese companies trading electronically with more than 50% of their trading partners 57% of South Korean companies said that supply chain complexity was a key barrier to B2B adoption One of the major goals of the study was to find out how companies were progressing in their understanding of how modern B2B technologies can help drive superior business results. To achieve this, it was important to get an understanding of the perceived performance of specific supply chain activities. Once these supply chain metrics were analysed it would then be possible to see if there was any correlation between supply chain performance and the impact of B2B technologies. Here are some examples of the metrics that were measured as part of the analysis: 50% of US companies can process an invoice in under one hour 73% of Chinese companies have an average time to market of less than 120 days 90% of Brazilian companies perform up to two inventory turns per month 87% of Chinese companies deliver greater than 95% perfect orders 60% of Japanese companies have an average customer order delivery time of less than 7 days Overall, there were some interesting findings from a supply chain metrics point of view and I will write a separate blog that examines some of these results. But in the meantime I just wanted to include one chart relating to a specific business process that is seeing increasing levels of digitisation, namely invoicing. The chart below highlights the time it takes for the surveyed companies to process an invoice. The real-time numbers shown below would indicate companies that have adopted electronic invoicing solutions. Acknowledging that the supply chain metrics would be different for each industry, average metrics were created for each industry and IDC then identified ‘top performer’ companies for each metric, ie companies with a performance that significantly exceeds industry average. Building upon this analysis, four ‘performance groups’ were defined according to the amount of times each company was over performing their industry average. Leaders – Companies that are “top performers” in 4 or more metrics Experts – Companies that are “top performers” in 2 or 3 metrics Beginners – Companies that are “top performers” in just one metric Laggards – Companies that are never “top performers” Now I could just provide the final chart that shows the correlation between B2B integration and these four performance groups, however to get a better understanding of this study and the responses we got from these 270 global manufacturers, I would actively encourage you to download a copy of the study, which is available to download FROM HERE. IDC drew a number of conclusions from the results of the study and the complete list of recommendations are available by downloading the study, however some key points include: Start from Business Integration to Achieve Collaboration – To obtain a comprehensive view of the extended supply chain and collaborate with business partners you should first be able to integrate with them Redesign Supply Chains – Having a collaborative information exchange process is core to being able to support global trading partners and ensure that supply chains are resilient in the face of volatile demand or unexpected supply chain disruptions Acknowledge the Opportunity of Elevating the Role of Your B2B Infrastructure – B2B infrastructures are in many cases still considered a commodity tool, but moving forward manufacturers will need to make it: ‘The central information exchange layer of the organization’ In summary, the study demonstrated that manufacturers can achieve hard benefits by improving their B2B related processes. In fact the study demonstrated that there was a strict correlation between having a pervasive, more modern and collaborative B2B platform in place and being a leader in supply chain performance. To get a better understanding of the analysis and to get IDC’s direct response to the findings from the study I would encourage you to DOWNLOAD the study and if you have any questions then please do not hesitate to contact OpenText. Over the next few weeks I will take a deeper look at some of the industry specific results from the study

Read More

Treat Contract Management as a Strategic Business Process

It is well accepted that contracts are at the crux of every business, and the value delivered by underlying contract management systems can have a direct impact on an organization’s top-line revenues, costs and regulatory compliance (see related post: Contract Center: The Hat-Trick of Business Value ). Yet organizations often treat contracts simply as important legal documents that, once signed, are saved away in shared folders or content repositories (or even in filing cabinets) until a need arises to look for them. By the way, studies show a not-so-small percentage of these “safely stored” contracts are not found after they are stored. Contract management really needs to be looked at as a broader, end-to-end, strategic business process, rather than solely being the activity of aggregating contract documents within a content repository. And, like any organizational core competency or strategic asset, this business process—also referred to as the contract lifecycle—needs to be efficient, consistent, flexible, and built on best practices. It needs to be monitored, analyzed, and continuously improved. But different departments are concerned with their own types of contracts, and each one may have their own policies which are often undocumented or inconsistent, procedures which some may be manual or semi-automated, and people which may be disconnected or disorganized for dealing with drafting, negotiation, and renewal of contracts. A centralized and collaborative platform to manage all contracts transparently is desirable, but how could one fulfill the unique requirements (policy, procedure, and people) of each type, while also ensuring that every individual contract moves flawlessly from request through execution, or from enforcement through renewal? This is where a cutting-edge BPM platform can play a critical role. The newly launched Contract Center application fully harnesses the power of the OpenText Process Suite to orchestrate the contracting process, automate related workflows, execute rules, assign tasks, send reminders, enforce deadlines, track milestones, remove bottlenecks, and implement best practices for all contract types. Contractual terms and other information entered or generated as part of a contracting process can be used not only to build dashboards, reports, and integrations, but also to drive and optimize the progression of this process itself. Contract documents to be authored, negotiated, redlined, or executed are contextually and seamlessly integrated into each stage of the contract lifecycle, and securely governed in the OpenText Content Server which provides best-in-class ECM capabilities. So with Contract Center, contract managers and legal staff can quickly locate (or be alerted) and stay on top of their active or in-progress contracts at all times, and can rest assured that no contract will ever go out of sight. For more information on Contract Lifecycle Management (CLM) and OpenText Contract Center, view this recorded webinar, Three Pitfalls of Poor Contract Lifecycle Management—and How to Overcome Them.

Read More

Achieving ROI from Enterprise Archiving: Part 3 – IntensifyingPressurefor Compliance

Meeting organizational, legal, and regulatory compliance obligations is a direct advantage of enterprise archiving. Your notion of compliance may differ based on your market, geographic regions where you do business, and—if you are considering adding cloud into your information management strategy—compliance even touches the physical location where you archive your corporate content. Organizational Compliance Even if your organization is not bound by the same regulations as industries such as financial services, pharmaceuticals, or the various levels of government, keeping too much content or over-retention is not a viable strategy. Business-relevant content needs to be managed and readily accessible to your users; content such as contracts, legal agreements, human resources documents, and more need to be classified as business records while content of a non-business nature, or “transient” content, should be managed and disposed of appropriately under policy as well. Compliance doesn’t need to be complex. Build straightforward policies for your business-relevant content and rules on how to handle both business records and non-business content, and stick to them. Adherence to policy is the best way to provide evidence that you’ve taken reasonable efforts to manage your enterprise content and met the duty to safeguard against sanctions or fines. Legal Compliance Historically speaking, the Federal Rules of Civil Procedure (FRCP) and U.S. regulators like FINRA have given rise to compliance-driven archiving. There are clear signs, however, that sanctions, fines, and growing legal threats are intensifying compliance concerns outside the U.S. as well. At the end of the day, regardless of your geographic region or market, it’s not a matter of if a legal event will occur, but when—and inadequate information management practices will cost you. Legal compliance issues can arise simply by not employing proper retention policies, which can be seen as negligent in the eyes of the court and result in spoliation sanctions. Some striking examples include: In 2009, MetLife was fined $1.2 million for improper monitoring of email archiving obligations under FINRA In 2010, Piper Jaffray was fined $700,000 for improper retention of email In 2010, LPL Financial was fined $9 million for email system failures and compliance with FINRA In 2013, ING was fined $1.2 million for improper email retention and failure to comply with FINRA In 2013, Barclays was fined $3.5 million for email retention failures. In 2013, Boehringer Ingelheim was fined $931k for losing files including text messages related to Pradaxa drug trials EU Data Protection Regulation: fines up to €100m proposed In 2013, a federal court sanctioned the government for failing to meet its duty to preserve website content advertising for a $32 million Department of Veterans Affairs procurement This list highlights the need for proper information governance across not just email but all enterprise sources. The savings in fines, along with the damage to your brand, shareholder value, and reputation make the deployment of enterprise archiving an imperative investment for any organization. Regulatory Compliance There’s a growing list of regulatory standards that are being enforced across markets and regions. Enterprise archiving and information governance practices help organizations comply and meet regulatory requirements as they continue to evolve and intensify. Ask These Questions When Determining the ROI Related to Compliance: 1. What obligations is your organization bound by in terms of compliance? 2. What sanctions for information management have you or your peers been hit with? 3. Can you easily preserve potentially relevant and responsive content? 4. Does your organization feel over-retention is a concern or is a necessary price to pay for compliance? 5. If you’re considering a move to the cloud, can you meet data sovereignty needs and compliance under one roof? 6. What other sources should be archived to ensure full compliance? Manage and Protect Your Information with Information Governance Establishing an information governance practice helps organizations meet compliance obligations, reduce storage and operational costs, and mitigate legal risks. Establishing a tangible return on investment, however, is not easily quantifiable and depends on many factors—some unique to your organization. Information governance is about managing and protecting your information to make sure it’s working for—not against—your organization. OpenText solutions enable Information Governance to make it easy for your organization to maximize the value and minimize the risks of your information, as well as develop a blueprint for achieving return on investment. For more information on deriving ROI blueprints from enterprise archiving and information governance visit www.opentext.com/archive. Thanks for reading! Don’t miss Part 1 and Part 2 in this series. If you have any comments or questions feel free to reach out to me: Twitter: @bygregclark LinkedIn: linkedin.com/gregclark Email: gregc@opentext.com

Read More

Did You Know That 80% of High Tech Companies are ‘High Adopters’ of B2B Integration Technologies?

A few weeks ago I posted a blog summarising the automotive related results from a recent B2B study that OpenText sponsored. The aim of the study was to see if there was a direct correlation between B2B integration and how it impacts supply chain performance. I will take a look at the CPG related results in my next blog but as I am spending this week in the heart of Silicon Valley over on the US West Coast I thought it only appropriate to discuss the high tech results in this blog article. We recently hosted a webinar with IDC to discuss the findings from the study. You will be able to get access to this and other downloads related to our study at the end of this blog. The global high tech industry is going through a major renaissance at the moment, new business opportunities being presented in the automotive industry, wearable devices and the internet of things sectors. In fact I would say that high tech companies are investing more in the internet of things related technologies than any other industry sub-sector at the moment, for example Intel’s investment in a new generation of chips for embedded devices. With all this focus on new investment areas it presents further opportunities for consolidation across the industry and only last week NXP semiconductors announced their intention to acquire their smaller rival Freescale Semiconductors. Continued M&A activity will present new challenges for B2B managers across the industry as they are forced to consolidate multiple B2B networks on to a single global B2B network. Increased regulatory compliance such as Conflict Minerals compliance is starting to be adopted by more regions around the world as a way of removing so called ‘3TG’ minerals from global supply chains. Increased regulatory compliance is driving a need for companies to think about how they manage their trading partner communities and how ultimately they should be working more collaboratively with their global trading partners. Finally this week will see high tech supply chains gearing up for the launch of the next big consumer must have gadget, Apple’s iWatch is finally being released. Apple is a past master at readying their supply chain for such product launches but it does nicely illustrate how the high tech industry has become so consumer driven in nature. So now let me discuss a few of the high tech related results from our study: 79% said they exchange B2B transactions electronically with their trading partners . I guess there is no surprise here that high tech companies have a high expectation to exchange business documents electronically with their trading partners. As with the automotive industry, the high tech industry is truly global in nature and in the case of semi-conductor chips they are manufactured in a multi-stage process that embraces many different production and finishing locations around the world. To try and encourage greater participation from its trading partners around the world, the high tech industry introduced its own highly successful XML based document format called RosettaNet which is still very much in use across the industry today. 58% said that B2B adoption had reduced their procurement costs. Greater visibility into the supply chain and in particular inventory locations around the world meant that high tech companies could reduce their procurement costs by being able to better optimise inventory from multiple locations around the world. In addition, the costs and time to manually process transactions across the procure to pay process can be reduced by providing high tech trading partners with the right B2B tools according to their technical capabilities. 54% said that shipment status was one of the most important B2B transactions in use across their industry today . Knowing when supplier shipments are going to turn up at the factory gate is crucial to the smooth running of today’s production lines. Connecting to a single, global, cloud based B2B platform such as OpenText Trading Grid provides the end to end visibility that high tech manufacturers require. It is not just improved visibility into the direct materials supply chain but also in the aftermarket repair business where field service teams need to know when spare parts will arrive, being able to tell a customer that their high tech product will be repaired by a specific date is key to improving customer satisfaction levels. 47% said that competing IT projects such as ERP were a barrier to starting B2B projects . Given that ERP projects such as a major SAP deployment are the most expensive and hence high profile IT project under the control of the CIO, it is no wonder that ERP projects tend to get 100% attention from IT resources during a roll out phase. Having all IT resources diverted to an ERP deployment can potentially disrupt other IT initiatives such as a B2B program for example. Then again I would argue that if 47% of high tech companies see ERP as a barrier to B2B adoption, I would say that during ERP implementation this provides the ideal opportunity to think about integrating ERP and B2B platforms together. ERP B2B integration is a key reason why many high tech companies have deployed our Managed Services platform to provide a single outsourced integration platform. So the barrier in this case certainly provides the opportunity for B2B integration. 42% said they processed invoices in real time with trading partners . In Europe for example, with 28 member countries of the European Union, there are 28 different tax compliance laws, 28 different ways to apply digital signatures and 28 different ways to archive invoices. If you are a high tech company based across the border in one of the Eastern European countries such as Slovenia then navigating your way through invoicing compliance in Western Europe is a complex process. The high tech industry is not only consumer driven but it is fast moving in nature and its suppliers need to make sure they can be paid quickly in order to make sure that they can fulfil orders to their numerous customers in a timely manner. Adopting B2B integration and in particular electronic invoicing can significantly reduce invoice processing times and by working with a company such as OpenText that offers electronic invoicing solutions it means that you can work with suppliers in any country, irrespective of the invoice regulations that may be present in these countries. In fact one further piece of analysis that we did as part of this project found that automating invoicing processes through the use of B2B integration technologies such as electronic invoicing had increased the speed of invoice processing by 156%. Overall, the high tech industry had the highest level of electronic B2B exchange of all the industries surveyed with nearly 80% being ‘high adopters’ of B2B integration technologies. As mentioned earlier this is due to the fast paced nature of the industry, with nearly 99% of high tech respondents performing two inventory turns per month, and the need to have a highly responsive supply chain network that can adapt to continually changing market dynamics. This is amplified by the diverse range of trading partners involved across the high tech supply chain, from contract manufacturers (who make products for many different customers) to distributors, and fabless semiconductor manufacturers to raw material providers. Exploiting new market opportunities over the next three years was one of the key initiatives being undertaken by high tech companies. 57% of South Korean respondents, of which a high proportion were from the high tech industry, said that supply chain complexity was a key barrier to B2B adoption, however I would argue that if companies chose a cloud based B2B platform then this would not only help to reduce supply chain complexity but it would help to provide the flexibility and scalability that the fast moving high tech industry urgently needs. If you would like to download your own copy of the new B2B study from OpenText then please complete the registration form here. When you have registered you will also be able to get access to an on demand webinar that we recently recorded with IDC, a copy of the webinar slides and an infographic that illustrates some of the key findings from the study.

Read More

Contract Center: The Hat-Trick of Business Value

A “hat-trick” is something good that happens in threes, typically three scores in a single game in hockey, soccer (football for those of you outside the U.S.), and cricket (for those really outside the U.S.). Being a bit of a sports fan, this is the first thing I thought of as OpenText launched our Contract Center today. Contract Center is a new contract lifecycle management solution that brings together our Process Suite BPM platform with our Content Server ECM system, and wraps those up in an application that includes contract lifecycle best practices, processing functions, workflows, and user interfaces. It is an enterprise-scale platform for sell-side contracts, buy-side contracts, and all types of legal agreements. The hat-trick is due to the fact that Contract Center provides three types of benefits to an organization, including top-line benefits, bottom-line benefits, and security/regulatory benefits. Many software solutions claim to have all three—but really don’t. Score number one includes the top-line revenue benefits of effective contract processing, especially on the sell side. Shorter contract development and execution times due to direct input of approved clauses and phrases, automated negotiation cycles with customers, notifications around contract renewals, and generally a more efficient, effective, and customer-friendly contracting process means buying relationships get off on the right foot and stay that way. Score number two is the cost savings, which are even more significant. Usually very highly paid legal resources are creating contracts, are involved in negotiation and amendment, and are joined by a significant amount of resources facilitating manual approval cycles, leading to a very labor-intensive and expensive process. In addition, Contract Center captures meta-data about contracts, so order volumes and renewals are tracked and alerts are sent so organizations can maximize the value of their contracts in terms of volume discounts, incentives, rebates, and on-time renewals. A side benefit of this automation—besides the savings associated with reducing time and people—is the transparency. With Contract Center, users can see exactly where a contract is at any stage in the process, and what is needed to move it forward. The third score to make the hat-trick is that many organizations have internal information governance mandates or regulatory requirements for contract processing, which are both *very* hard without an automated and flexible system. Contract Center is completely integrated with the industry-leading Content Server repository, which provides complete control of a contract at every stage of its lifecycle, and includes strict authentication and security, full auditability, version control, and retention and termination when appropriate.  Compliance and security are very expensive and inconsistent without a system such as Contract Center, and the penalties for not getting it right includes fines, suspensions, and the inability to produce documents for litigation—adding up to extended time in the penalty box for the management team. The system can be augmented with OCR/ICR functionally via our Capture Center product and contact composition via our StreamServe product. These are integrated out of the box and allow organizations to craft the right solution for their specific needs. Contract Center takes something very expensive and important for an organization and makes it automated and secure, and it’s flexible enough to meet the needs of a variety of organizations and contract types. With our ability to improve the top line, reduce the bottom line (together to increase profits), and manage compliance, I’m sure even Wayne Gretzky would be impressed. As the record holder for the most three-goal games in an NHL career (with 50 total), I’m sure he’s had some pretty big contracts in his lifetime as well. Hmmm, maybe I’ll give him a call… (photo: Guildford Flames at Milton Keynes courtesy of David G. Steadman)

Read More

Document is Empty: How Inaccessible Online Documents Impact Screen Reader Users – In Their Own Words

The Opening Video from Actuate’s Automation and the Changing Landscape of Section 508 event I’m excited to finally be showing this here. Imagine if you opened a web page or a PDF and the screen was blank. You scrolled all around the screen, hit several keys on your keyboard, wiggled and jiggled your mouse, even closed the document and opened it again. Where is the content that is supposed to be on this page? Where is the information I need that is supposed to be in this document? Well, that’s exactly what it’s like every day for screen reader users when they attempt to read documents that are not tagged for accessibility. For the longest time we have wanted to voice the frustrations that the blind and visually impaired encounter every day to those who have never experienced it. This past December we debuted a video at Actuate’s accessibility event in DC called the Automation and the Changing Landscape of Section 508. The video opened the event, which by the way was well attended by more than 100 people, including those who were blind or visually impaired and those who were not. For effect, we cut the lights and set the stage for those who had never used a screen reader program before to experience it firsthand. The laughter rolled as the audience, who instantly recognized the unmistakable default voice of Freedom Scientific’s screen reader JAWS, began announcing that the document was empty while showing just a black, blank screen. For the next several minutes individuals including a business owner, a student, a homemaker, a screen reader product manager, a 508 SME, a 508 tester, an advocate and others brought you into the world they face every day struggling for the same access and independence many of us don’t recognize we have. More importantly they share the impact. The feedback we got from attendees on the video was even more positive then we’d hoped it would be. I think we hit this one right on target. Now I finally get to share it with all of you. I’ll let you hear it straight from the people who are impacted most when it comes to accessible content – those that use it. Watch the video below to hear what they have to say. And, I’d love to hear your feedback! Document is Empty: The Screen Reader User Experience is the result of months of traveling North America, speaking to people from the visually impaired community. The goal of the video was to help organizations understand frustrations and impact of inaccessible information from the user’s perspective – a true UX. What many organizations don’t know is that there is technology that solves this issue, affordably and nearly effortlessly with automation. Actuate’s automated PDF remediation technology allows high volume and repeatable customer communications like statements, bills and notices, to be generated as accessible PDFs. This could be a real game changer according to those in the video – but you decide after you take a look. Those appearing in the video are consultants and accessible technology experts, but also regular people who aren’t involved with the technology issues at all – except that they live it every day. Like everyone, they use the web to go about their business, from accessing their benefits and health information to checking their financial information. And like everyone, they want to do that privately, without waiting weeks for a hardcopy accessible version they can read, or having to get a sighted person to look at it for them. The difference is that when organizations don’t provide this information in accessible online formats, they can’t do that. Their screen reader can’t access the information accurately, or often not at all. In popular screen reader parlance, the document is empty – or at least that’s how it appears to those relying on screen reader programs to read and consume documents that aren’t accessible. Creating accessible online documents – whether you’re a private company or a government agency – it’s not merely about meeting legislative compliance. It’s not simply checking all the right boxes to make sure you meet the regulations for accessibility. It’s about truly providing equal access to all of your customers, constituents or recipients who receive your services– including those who are blind or visually impaired.

Read More

Healthcare Organizations’ Email Security isn’t Making the Grade

So, it looks like a lot of healthcare organizations are flunking email security. According to the “state of email trust” survey cited in a recent Fortune Magazine article , healthcare organizations “severely lag” when it comes to securing email communications. In fact, the article states that an email, “purportedly sent from a typical health insurance company is, for instance, four times likelier to be fraudulent than an email that claims to be from a social media company.” A spokesperson from the surveying organization went on to state that “The poor folks in healthcare have traditionally not had much digital interaction. They’re the ones furthest behind by a country mile.” Considering the strict security compliance regulations in the space, this is disconcerting for the healthcare industry. The article went on to explain that only one of the 13 healthcare companies surveyed surpassed the ‘vulnerable’ category when it came to implementing three standard secure email protocols: Sender Policy Framework, or SPF, which checks emails against a list of authorized senders DomainKeys Identified Mail, or DKIM, which verifies the authenticity of a sender through encrypted digital signatures Domain-based Message Authentication, Reporting, and Conformance, or DMARC, which checks emails against a published record on a company’s servers, notifies the company of any potentially spoofed emails, and rejects suspicious emails as spam Fortunately, solutions like OpenText Secure Mail support these security protocols while tracking, encrypting and controlling the distribution of your secure email messages. One key feature of Secure Mail that might help some of these “vulnerable” healthcare companies is Data Leak Prevention (DLP). This capability limits access and transmission of sensitive information based on specific security policies. Features like this position Secure Mail as a strategic business tool for organizations looking to maintain the confidentiality of protected healthcare information.

Read More

Achieving ROI from Enterprise Archiving: Part 2 – The Rush to the Cloud

As organizations look to stem the tide of content growth and the ever-increasing sources to manage, they have been taking advantage of the economic and operational benefits of cloud solutions. It’s becoming commonplace to move email systems, enterprise archives, and even CRM applications to the cloud. Microsoft estimates nearly 1 in 5 Exchange mailboxes will be in the cloud with Office365™ 32% of corporations will archive in the cloud Clearly this trend is here to stay and growing. Whether you join the rush to the cloud depends on your views around risk, data sovereignty, and long-term storage requirements. Organizations that are considering a move to the cloud should take note of cloud Service Level Agreements. The public cloud does not come with assurances that your content will be stored in the country your business operates in, nor do SLAs absolve vendors (for instance, Microsoft, Google, and Dropbox) from any data loss or security breach. Along these same lines, some nation states have raised red flags around data sovereignty, privacy, and security in the public cloud, extending from revelations around the U.S. National Security Agency’s (NSA) PRISM program. Many countries have regulated new compliance requirements by amending their current laws or enacting new legislation that requires customer data to be kept within the country in which the customer resides. Switzerland, Uruguay, and Brazil have even either implemented or planned to implement “nationalized” clouds in attempts to secure citizens’ personal information and provide alternatives to businesses looking for cloud solutions. Ask These Questions When Looking at the ROI and Benefits of the Cloud Storing data in the public cloud can be inexpensive and very effective. Just be aware that there are risks that need to be mitigated and addressed: 1. What is the current cost of operations for running your mail environment today (storage, resources to manage and maintain)? 2. What is the current cost of operations for running your current archive (resources to manage and maintain, cost of storage plus future data growth estimates, number of electronic investigations and estimated average cost of the related disruption/productivity loss)? 3. Would a hybrid model for archiving make more sense—e.g. storing confidential/proprietary content or Intellectual Property (IP)? 4. Has the legal department reviewed and blessed the cloud providers’ Service Level Agreement (SLA)? 5. Do your corporate retention policies on enterprise content align with your compliance obligations and risk threshold? 6. What security measures are in place to safeguard corporate information in the cloud—e.g. encryption and security policies to be implemented in the data center? 7. What’s the cloud vendor’s process for supporting eDiscovery and output formats? Learn more in the full white paper, Achieving ROI from Your Enterprise Archiving. > Also check out more information on deriving ROI blueprints from enterprise archiving and information governance at www.opentext.com/archive. Coming up next in this series: The Federal Rules of Civil Procedure and Regulatory reform in Financial Services brought about the necessity of archiving email. As the volume and sources of content continue to grow and compliance requirements evolve, the need for archiving further intensifies. The need to control costs and mitigate risks is intrinsic to enterprise archiving, while the goal of extracting value from your content is amplified. If you have any comments or questions feel free to reach out to me: Twitter: @bygregclark LinkedIn: linkedin.com/gregclark Email: gregc@opentext.com

Read More

Achieving ROI from Enterprise Archiving: Part 1

Part 1 of 3: The Evolution of Archiving Email Management For years, organizations have been archiving email in order to offload expensive storage, improve performance, and reduce legal risks and the potential for fines stemming from non-compliance. Email archiving has been primarily deployed following two methodologies: envelope journaling to capture unaltered copies of corporate email and ensure 100 percent legal compliance, and mailbox management, which is selective archiving/stubbing where content is collected and archived and a link is left behind for users to retrieve and restore messages from the archive. Both approaches have their merits and concerns: Journaling ensures complete capture of all inbound, outbound, and internal mail. However, journaling alone can lead to inconsistent information management across your organization (e.g. if you selectively journal only C-level), over-retention, and bloated storage. Mailbox management scenarios capture and stub content based on policy (e.g. after 30 days) and enable users to maintain control over their content, ensure ready access for collaboration, and seamlessly access all emails including those stored in an archive. The concern here is two-fold. First, since archiving only occurs after a set period of time, messages can be deleted or moved and missed during collection. Second, asking users to manage their information in accordance to corporate policy can prove to be inconsistent at best, and with the advent of bigger mailboxes and cloud-based systems, users have access to more content than ever before. Managing a Broader Set of Enterprise Sources First-generation archive architectures could easily handle the volume of data created by email and files back in 2005, but as email volumes continue to grow—exceeding 143 billion by 2016 as estimated by Radicati —and as enterprise content creation and consumption soars—exceeding 44 zetabytes by 2020—many organizations are faced with increased costs to manage and store the content associated with the volume. Gartner estimates that, at this rate, spending on Information Governance programs will need to increase by five times over the next few years to keep pace. As a result, new strategies are required to ensure your content is being managed both appropriately and holistically, according to policy. In response to this, many organizations are weighing the benefits of either upgrading to a new version that can handle the scale, volume, and new content sources (ERP data, machine to machine communications, web and social content), or selecting a new vendor altogether. Consider different strategies to build defensible information governance practices: Look for ways to automate the process where possible to improve consistency and defensibility of information governance practices. Document and stand by your retention and records policies and practices. All businesses are different. Look for flexibility and multi-tiered approaches to identifying and classifying business-relevant content and take reasonable steps to dispose of that content (including transient and non-business-related content).   Ask These Questions When Considering Your Archiving Priorities and Associated Cost Savings and ROI: 1. What are the costs of the status quo? What are your human costs in managing and operating your current systems? What are your storage and recurring costs associated with your current systems? 2. What lead applications are the most expensive to manage and maintain? 3. Have you evaluated the amount of redundancy, age, and relevancy of legacy content? 4. What other sources are you required to capture and govern over (e.g. social, web, IM, VoIP)? 5. How prolific is SharePoint®? Is SharePoint sprawl, inactive content and data duplication a problem? 6. How bloated is your ECM with inactive, redundant, and seldom-accessed content and versions? 7. Is it important to capture business process outputs and outcomes (e.g. customer communications, marketing campaign outreach, HR, Finance, and LOB business process approvals)? 8. What sorts of retention and storage requirements exist for these content types? Do they require compliant WORM media? 9. Do users prefer to classify/file messages on their own? Is mobile growing in importance? Don’t miss the full white paper, Achieving ROI from Your Enterprise Archiving. Also check out more information on deriving ROI blueprints from archiving an information governance at www.opentext.com/archive. Coming up next in this series: Archiving in the cloud has been a natural first step for many organizations looking to offload the costs and resources required to manage their email infrastructure. However, it’s not for everyone. Check out Part 2 of the series where I explore some considerations when looking at archiving in the cloud.

Read More

Banking & PSD2: The Oscars Nominations for Biggest Disruptors are…

Similar to the Academy Awards official nominations, I’m sure you already have a good idea of the personalities that drew everyone’s attention in the Banking and Payments industry. Let’s open the envelope and nominate the most disruptive artefacts of the Payments Services Directive 2 (PSD2) from a Bank perspective. And the nominees are… Payments Initiation Services and Account Information Services From a commercial, legal, technical and operational perspective, Payment Initiation Services is introduced as a new obligation for Banks and traditional Payment Services Suppliers. The idea is to allow third-party companies (also regulated under the PSD2) to make payments on behalf of traditional bank clients. This is the result of the growing number of payment outfits in the marketplace, doing─until now─fairly unregulated business and operating within the scope of their own creativity and commercial objectives. PSD2 puts a framework around that, with the consequence of carving out the traditional business of Banks’ Payments and Cash Management, as we know it today. Account Information Services is the corollary of the first concept. It is the second nominee of our ceremony, as it also opens the market for competition and innovation. While Payment Initiation Services is largely “acting on behalf of the ultimate account owner”, Account Information Services is basically allowing third parties to act as aggregators across a number of banks, in terms of transaction visibility, reporting and all the traditional processes. The growing trend with corporates (wholesale banking) is the migration of treasury processes into the cloud with Payment Services Providers (PSPs) and historical treasury technology vendors, to optimize payments and cash management as an overlay to traditional Bank services. Account Information Services now puts a legal framework around this example. PSD2 is also largely designed to cover the same principles and benefits to the retail banking world. Low Hanging Fruits for Transaction Banking Clearly, the PSD2 will have a number of variations in transposed domestic laws, opening the gates to various rules, processes and technical standards. Across all of the impacted Bank functions, Transaction Services will pick up a lot more scope and business logic. I believe that minimizing and “protecting” back-office platforms from direct PSD2 impacts is the first point to consider. The aftereffect to this idea is the introduction of or fully leveraging Digital Banking. For those who still haven’t heard about Digital Banking, the idea is to separate the way Bank clients consume the services electronically from the way banking products, platforms and processes within the Bank are physically deployed. I wrote about Digital Banking in a previous blog. The low hanging fruits to deliver on the Payment Initiation Service as well as Account Information Services are: Digitize the Banking channels, enabling it to normalize client or third party data (payments, reporting, “act on behalf”, message types). This typically includes data normalization, file mapping, enrichment and transformation. Identify where pre-PSD2 processes in the middle and back-office systems can be maintained. The expansion of KYC rules, client-third party relations and reconciliation processes can help normalize all PSD2 flows from the technical foundations of the Bank. Operational client community and reference data management. Above and beyond KYC and sales data, it becomes an imperative to keep track of the entire detailed inventory of client integration reference data, settings, file types and envelopes, certificates, “act on behalf” mandates, etc. The Business As Usual (BAU teams) from Transaction Banking will need to keep track of multi-layered business and technical relationships. Ensure all access controls, identity management; auditing, reconciliations, and transaction management reflect the multi-layered model. Minimum Compliance vs. Commercial Strategy As of today, in early 2015 some European Banks have started to get ahead of the curve by spinning-off their own independent “third-party PI” brand, to compete within and maintain their share of the PSP market. This is very apparent in the Nordics and Germany. On the other end of the spectrum, the majority of banks are “hatching down”, bracing themselves with the minimum compliance approach. Minimum compliance is basically fixing the new gaps opened by PSD2, largely around security, KYC and electronic banking. Entering the “third-party PSP world” as a new or independent brand─a Bank joint venture, a spin-off, or a subsidiary─is the only way to keep or expand one’s market share. A few smart European Banks have chosen the most aggressive strategy, by executing a “land grab” from other Banks who chose minimum compliance. A Final Observation My personal take on PSD2 is that some Banks are wearing the scars of the financial and emotional investment into SEPA, still fresh in everyone’s minds. PSD2 looks like a further tightening of the bolts, when it actually introduces more disruption to the Banking business than SEPA did. When disruption comes, an organization can either do nothing or fully embrace it and ride the waves.

Read More

Healthcare Data Breaches Expected to Increase in 2015

A recent article in Healthcare Informatics titled “ Report: Healthcare Data Breaches Expected to Increase in 2015 ” covered how Personal Healthcare Information’s (PHI) continued shift towards digital formats will increase the potential for electronic data breaches to occur. What makes it more concerning is penalties stemming from these breaches are expected to be over 5 billion dollars. Then to compound the issue, those inside the healthcare sector aren’t necessarily confident about the protection measures in place now for electronic PHI. According to doctors’ offices and clinics cited in the article, the level of security and privacy for PHI shared on health information exchanges needs improvement. As someone familiar with information exchange technology, I think this represents a new opportunity for 2015. I believe healthcare organizations will look to reevaluate the methods and protocols they’re using to exchange digital PHI in order to avoid the pitfalls the article predicted for 2015. This means healthcare organizations will likely investigate and reassess information exchange methods like fax, secure email and managed file transfer to help address critical security and compliance standards in the industry: Fax Solutions help healthcare organizations works smarter by improving the speed, efficiency and accuracy of healthcare data Secure Mail helps minimize, control and manage risks associated with data breaches and vulnerabilities Secure Managed File Transfer (MFT) ensures the safety of the exchange of intellectual properties to help mitigate risks and improve compliance As we continue enhancing these information exchange offerings we fully expect our solutions to be in lockstep with the security and compliance issues possibly awaiting healthcare in 2015.

Read More

Top 10 News Stories from Actuate for 2014

This has been a huge year at Actuate. Between new products, acquisitions, and growth in our community, we’ve been busy providing great software across all of our divisions that help our customers meet their challenges in novel ways. Today, as 2014 winds down,  we’re highlighting ten of our biggest news stories of the year.     January 21: Actuate Patents PDF Accessibility Solution for Automated Tagging and Delivery of High Volume Content to the Visually Impaired. We were proud to kick off the year by receiving U.S. Patent 8619272, called “Automated Assistive Technology for the Visually Impaired,” for our PDF Accessibility Solution. This software integrates with an organization’s existing document management system to capture high volume print streams and automatically create properly tagged, accessible documents. February 5: Actuate Acquires legodo ag to Expand its Accessible Customer Communications Management Solution. The company develops software for generation of personalized customer correspondence via any communication channel, including mobile devices, and its software allows organizations to tap into their existing ERP, CRM, and other applications when creating customer communications. February 6: Actuate Launches New Generation of BIRT Content Services to Streamline End-to-End Accessible Customer Communications Management. Called BIRT Content Services 5.0, this new version of Actuate’s CCM product is now integrated with the BIRT iHub 3 deployment platform to enable end-to-end management of high volume customer communications. April 9: Actuate Introduces Document Accessibility Appliance to Automate Remediation of High Volumes of e-Delivered Customer Communications for Access by Vision-Impaired Customers. This virtual software appliance converts high volumes of electronically delivered documents into universally accessible PDF files (PDF/UA). Complying with WCAG 2.0 standards, the appliance helps organizations format and tag statements, bills, invoices, explanation of benefits and policy documents. May 7: BIRT Gains 500,000 New Developer Customers in Six Months; Community Grows to More than 3.5 Million BIRT Developers Worldwide. A quarterly survey by an independent, global developer research firm found that the community of BIRT developers keeps growing. “[T]he growth in the number of developers following Actuate is clearly reflected in the surge in our social media engagement levels,” said Nobby Akiha, Actuate’s Senior Vice President of Marketing. “Actuate’s BIRT social media profile continues to grow organically, with new followers on Facebook, Twitter and Google+, indicating a vibrant and active BIRT community. We have also observed a 50% increase in the number of visitors to our new developer.actuate.com site since its introduction last fall.” July 10:Actuate Launches BIRT iHub F-Type – Free Server for Over 3.5 Million BIRT Developers Building Data-driven Reports, Visualizations and Applications. A freemium version of our enterprise deployment platform, BIRT iHub F-Type has metered output capacity that can be expanded with an in-app purchase. Within 15 minutes of downloading BIRT iHub F-Type, a developer can import a BIRT report, schedule secure distribution, and export their report as a full-function Excel spreadsheet. Interactive personalization capabilities are automatically enabled, and developers can use BIRT iHub F-Type to embed dynamic reports and visualizations in applications. July 21: Actuate Announces BIRT Analytics 4.4 for Even Easier and Faster Big Data Advanced Analytics for Business Professionals. Our upgraded big data analytics platform for business analysts and users got powerful new algorithms and functionalities. “BIRT Analytics allows the business professional a way to easily explore and pivot billions of rows of data in seconds, while gaining immediate insights though visual representations of statistical models and advanced analytic techniques,” said Peter Hoopes, General Manager of Actuate’s BIRT Analytics Group. August 11: BIRT PowerDocs from Actuate is Now Available for the Salesforce1 Mobile App – Empowering Companies to Run their Businesses from Their Phones. Available in 10+ languages, BIRT PowerDocs is a cloud-based app designed to automatically incorporate ERP and CRM data and simplify generation of customer sales quotations and other correspondence within Salesforce1. It’s available for test drive and deployment on the Salesforce AppExchange. October 21: Actuate, Braille Works and Venatôre Collaborate to Deliver Industry’s First Cloud-Based Document Accessibility Service. Through key partnerships we expanded our offerings for the visually impaired community and for organizations that must comply with regulations such as Section 508 of the Rehabilitation Act. “Equal access to information is a basic right that every government agency must afford to individuals with vision loss,” said Paul Schroeder, vice president of Programs and Policy for the American Foundation for the Blind. “The Cloud508 service makes it possible to generate information in accessible formats to meet the access needs of people who are blind or visually impaired.” December 5: Actuate Signs Agreement to be Acquired by OpenText. The next chapter in Actuate’s story should begin within a few weeks. From the press release: “The addition of Actuate enables OpenText to enhance their products with embedded analytics as well as enter a growing market. Together Actuate and OpenText will seek to extend the benefits of embedded analytics to more geographies and industries.” We had to make some tough choices to whittle this list down to just ten entries. While we haven’t noted them all here, we’re also proud of our increasing profile among analysts and experts including Conformit, Dresner Advisory Services and Forrester; our growing profile in developer, open source, and social media communities; and our satisfied customers and partners like Phototype, IDS, and New York City Transit Authority who step up share their success stories. And we’re very proud of our Data Driven Summits, so we’re sharing videos of many great demos and panel discussions on the Actuate blog. With all of this in mind, 2015 promises to be another banner year for Actuate. We’re glad to have you – our customers, partners and prospects – with us during this exciting time. Subscribe to our blog (at left) and you’ll be the first to know when the next big things happen. Calendar image by Dafne Cholet.   

Read More

Join Santa Claus on his Journey to the Digital First World!

When OpenText acquired GXS in January 2014, little did the company know that they would also be acquiring a customer widely regarded as having one of the most secretive businesses in the world. Over the years, many companies have decided to outsource the management of their B2B environment and in 2008, GXS signed a Managed Services contract with its most high profile customer, Santa Claus Enterprises in the North Pole. Over the years I have kept in close contact with this particular customer as they have been a shining example of how to deploy the full portfolio of B2B solutions from OpenText. Each year, just before Santa’s busiest period, I have provided a summary of the enhancements to their B2B environment. The evolution of Santa’s B2B environment is documented via the blogs below, feel free to take a look through as they will also provide some interesting insights into what it takes to deliver millions of Christmas presents on just one night of the year. 2013 – Santa deploys the Internet of Things across his North Pole Operations 2012 – Santa begins to evaluate the information flowing across SantaNet and implements a Big Data strategy 2011 – OpenText Active Community gets rolled out across Santa’s trading partner community to improve day to day collaboration across his Present Delivery Network and he also gets nominated for B2B Heroes award 2010 – Santa evaluates how cloud computing and mobile devices could improve North Pole operations 2009 – Santa completes deployment of OpenText Managed Services and begins to embrace social media tools 2008 – OpenText Managed Services chosen to support Santa’s new B2B hub, OpenText Intelligent Web Forms deployed to create SantaNet Santa’s little helpers, namely his army of elves, were asked by Santa to review the portfolio of Enterprise Information Management (EIM) solutions from OpenText to see where further benefits could be made by automating manual business processes and digitising the remainder of his business operations. Many companies are embarking on a digital journey to improve the way in which different departments manage and get access to their corporate information. In fact ‘Digital Transformation’ projects are high on the agenda of many CIOs around the world at the moment and OpenText is in a unique position to provide a one stop shop to transform companies into a digital business. In August I received an email from Sonja Lundström, Santa’s trusted advisor and executive assistant, inviting me to go up to the North Pole to provide a digital business briefing for Santa and his executive board. Santa’s board members comprise of senior executives from some of the world’s leading toy manufacturers including Mattel, Hasbro and Lego. As with previous trips up to the North Pole, I was asked to check in at the Elf Air desk at a secret terminal at Schipol Airport just outside Amsterdam. This year I had the privilege of travelling on one of Santa’s new Airbus A380’s, a converted passenger plane that allows Santa, when required, to expedite the shipment of thousands of parcels to any one of his Present Distribution Hubs located in strategic locations around the world. The plane I travelled on, call sign ELF020, was one of a fleet of ten aircraft that Santa had chartered for the 2014 holiday season. 16 hours after leaving the UK I was checking into the North Pole Ice Hotel, a stone’s throw from the entrance to Santa’s primary toy manufacturing and distribution facility. I decided to get an early night as I knew the following day would be quite busy! The next day I walked across to Santa’s factory and I was whisked up to the executive briefing centre where I was introduced to Santa’s board members. Five minutes later and the main man himself walked through the frosted glass doors to the board room. Following introductions, Santa’s Chief Elf Information Officer provided an update on their current IT and B2B related projects. I have documented many of these projects quite extensively in the earlier articles which I listed at the beginning of this blog. Needless to say I was very impressed by the ROI that Santa had obtained by deploying OpenText Managed Services. Santa’s core B2B platform, the Present Delivery Network (shown above), processes billions of transactions each year and over the last five years, Santa had seen a 40% growth in new present orders through SantaNet, a web form based toy ordering environment that our company setup in 2008. The growth in new orders had come from the so called omni-channel effect with children placing toy orders through PCs, mobiles and tablet based devices. In addition to deploying a world leading B2B platform, Santa’s team rolled out their ‘Internet of Santa’s Things’ infrastructure, a high profile initiative to provide improved visibility across Santa’s Present Delivery Network. The Internet of Things has become one of the most talked about disruptive digital technologies of 2014, and Santa had no concerns about deploying his IoST environment and he certainly proved to be a digital trail blazer in this particular area. In addition, Santa had embraced a number of other disruptive technologies during 2014. Last year I discussed how Santa’s elves were using Google Glass in their warehouses to improve their toy pick rates. In addition to Glass, Santa had tested some other high profile disruptive technologies. A few years ago Santa invited Steve Jobs to his factory and following lengthy discussions Santa Claus Enterprises became a leading member of Apple’s beta test program. As soon as the early iWatch wearable devices were revealed to the world’s media in 2014, Apple despatched a shipment of iWatches for every elf in the factory. These came pre-loaded with a number of festive mobile apps to help improve the day to day efficiency of Santa’s team of elves. 3D printing was rolled out across Santa’s production department, not just for manufacturing proof of concept toy designs but to build scale models of new sleigh designs that would then be refined in Santa’s onsite wind tunnel. Sleigh research budgets have increased significantly over the years and 3D printing was helping to develop the most aerodynamically refined sleigh in the world. The final area of digital disruption that Santa embraced in 2014 was advanced robotics. Santa had heard that Foxconn, a leading contract manufacturer to Apple, was deploying up to a million ‘Foxbots’ across their manufacturing operations. Santa decided that he wanted to deploy ‘Elfbots’ to bring similar efficiencies to his own production operations. Santa is now working with Andy Rubin, head of Google’s newly formed robotics division, to define a development plan for his network of 2,000 Elfbots. Santa has done a great job of ensuring that he can seamlessly connect with the little children around the world. So in many ways Santa’s operations were already significantly digitally enabled but now that GXS had been acquired by OpenText there was scope for the deployment of further digital information tools. After all, many of the new disruptive technologies such as connected IoST devices were producing high volumes of unstructured data that would need to be archived, analysed and acted upon as required. After the CEIO had provided his updates it was time for me to take to the floor. I provided Santa and the board with a high level introduction to OpenText and they were very impressed with the joint customer base and the opportunities available to embrace new Enterprise Information Management solutions. Even though Santa had consolidated many back end business systems, such as his Elf Resources Platform (ERP), there were still many different information silos located within the various departments of his operations. Just finding the right information at the right time proved to be a challenge on occasions. To gain further efficiencies across Santa’s operations it would be important to ensure that all departments could feed off of a centralised digital information hub. This hub would be accessible any time, any place or anywhere, useful considering the global nature and complexity of Santa’s operations. OpenText solutions are divided across five key ‘pillars’, shown by way of the chart below, Santa’s B2B solutions are under the Information Exchange pillar. Before I had even explained each of the five solution pillars, Santa could immediately see that there was a significant opportunity to increase the footprint of OpenText solutions across his business. Santa said that he would like OpenText to become his trusted guide during his journey into the digital first world. But first he wanted me to highlight how OpenText could manage different types of information from the key stages of a toy’s lifecycle. I created the chart below to help illustrate some of the key process stages across Santa’s manufacturing operations. I have also overlaid, where appropriate the five key solution pillars as they apply to each stage of the lifecycle of a toy (which in reality could represent any manufactured product). Now I could go into detail around how OpenText can help manage information across each of these twelve process steps, but for the purposes of this article, let me just expand on five of these. Toy Design & Engineering – At this phase of a toy’s lifecycle, any information associated with the design of a toy will need to be centrally managed and archived in an Enterprise Content Management (ECM) solution. Typical files managed at this stage include 3D CADCAM models, 3D printer files, 2D drawings, production related information and high quality rendered images and 3D animations. A Digital Asset Management solution from OpenText would allow Santa’s marketing elves and outside PR agencies to review and download high quality rendered images and videos for use in promotional materials. Information Exchange (IX), solutions such as Managed File Transfer, allows Santa’s design elves to send large file size design information anywhere across the external enterprise, including contract manufacturers. Procurement / Supplier Onboarding – This is part of the toy’s lifecycle that GXS, now Information Exchange, has been supporting over the past few years, from on-boarding suppliers and ensuring they can exchange B2B transactions electronically to providing back end integration to Santa’s ERP platform. In addition, it is important for a procurement team to work collaboratively with their suppliers and all proposal, contract and contact information will need to be centrally managed. The procurement elves may need to undertake some form of Governance, Risk and Compliance (GRC) assessments across their trading partner community. The area of GRC is becoming an increasingly important area for many companies and new regulations such as conflict minerals compliance needs to be adhered to and managed in an effective way. Just as an aside, Santa takes Corporate Social Responsibility really seriously, so much so that he would like to setup an Elf Information Management System (EIMS) to help with the day to day management of his elves and ensure the quality of their welfare whilst working in the toy factory. Plant Maintenance and Asset Management – Santa has an army of elves conducting proactive maintenance on shop floor related manufacturing and assembly equipment. Given the tight production schedule that Santa has each year, his elves ideally need quick access to maintenance and machine test procedures, 2D maintenance drawings and equipment test and compliance certificates. Even ensuring that Santa’s elves adhere to the latest Elf and Safety procedures has become a challenge over the years. The elves already have access to ruggedized tablet devices for use on the shop floor. Using Appworks, OpenText’s mobile app development platform, Santa’s elves would be able to get remote access to any information archived in the central content management system. In addition, the elves need to follow a standard process for maintaining each piece of equipment and OpenText’s Business Process Management (BPM) solution would be able to more effectively manage all the process steps involved with maintaining Santa’s production equipment. Can you imagine what would happen on the 24th December each year if the toy production lines are halted due to a malfunctioning assembly robot? Online Customer Experience – The SantaNet portal had worked well over the years and allowed the little children of the world to login to a portal and submit their present wish lists! At this stage of the toy’s lifecycle, various web related assets will need to be created and managed, eg product brochures, toy promotion videos and animations will need to be accessed by different elves across the extended enterprise and outside video production agencies. OpenText Customer Experience Management (CEM) solutions are ideal for this purpose. Given the connected nature of today’s children, Santa would be able to setup a best in class ‘Young Person Experience Management’ offering that would leverage OpenText’s Web Experience Management offering. In addition, all other internal websites used by his elves could be upgraded with the latest portal technologies offered by OpenText. Recalls and Warranty Repair – The final stage of a toy’s lifecycle relates to the potential recall or repair of toys. Unfortunately not every toy delivered via the chimney makes it safely down to the fireplace and breakages can occur. Santa established a toy repair and recall centre ten years ago however many of the processes used to recover broken toys from the world’s children are quite lengthy and prone to delays due to the amount of manual paperwork that needs to be processed. In addition to repairs, sometimes toys have to be recalled, perhaps due to poor quality workmanship by Santa’s elves. Whether repairing broken toys or recalling faulty toys, Santa’s elves could significantly improve operational efficiencies by deploying OpenText’s Business Process Management (BPM) solution. BPM will ensure that every toy that needs to be repaired or recalled follows a strict series of process steps. This ensures that a consistent and repeatable repair/recall process can be established and this helps to improve Child Satisfaction Levels, a key metric used by Santa to keep the world’s children happy with their toys. In addition to providing an overview of these five solution areas, I explained to Santa that OpenText was looking at how the different pillar solutions could be integrated together. I also showed a new fast moving video which helps to describe the OpenText Cloud. To wrap up my presentation to Santa and the board I also discussed new development areas and highlighted a recent announcement concerning OpenText’s intention to acquire the business intelligence company, Actuate. Last year when I visited Santa Claus Enterprises HQ, I was shown the latest beta version of SantaPad, a Big Data analytics engine for processing toy consumption trends across the little boys and girls of the world. Actuate could potentially provide the business intelligence platform to significantly improve the big data analytics capabilities across Santa’s operations. Santa was so excited by this news that he requested a briefing of Actuate’s capabilities, as and when it was convenient for OpenText to do so. We had just gone over our two hour presentation slot with Santa and I decided to summarise how OpenText helps businesses move to a 100% digital business. Firstly OpenText can help to Simplify Santa’s back end platforms to manage enterprise wide business information, irrespective of which application the information was originally created in. Secondly, OpenText can help to Transform information from literally any format to another and ensure that digital information can be exchanged both internally across the elf community and externally across third party contract manufacturers and logistics providers. Thirdly, OpenText can help to Accelerate the adoption of digital technologies, which would allow faster business decisions to be made. Santa’s operations would ultimately become more responsive to changing consumer demand and increased competition from new emerging toy markets. This brought our meeting to a close and I had a number of actions to follow up on with my colleagues back at OpenText! In closing, Santa wished OpenText and our global customers Season’s Greetings and Happy New Year and he said he was looking forward to working closely with OpenText during 2015 and beyond. So it just leaves me to say season’s greetings and best of luck for 2015!  

Read More

Accessible Communications Deadlines Looming for Public & Private Sectors in Ontario

Do you communicate with your customers electronically? An important deadline is looming for businesses that operate in Ontario. If your organization uses PDF documents in its Customer Communications strategy, then you should be concerned about the deadline for providing accessible communication supports in those PDF documents. The Accessibility for Ontarians with Disabilities Act (AODA) was established in 2005 to help fight discrimination against people with disabilities in Ontario. Since then, in 2010, the Ontario Government enacted the Integrated Accessibility Standards Regulation (IASR) under the AODA. The IASR has deadlines for organizations to provide accessible communication supports which are prescribed based on type and size of organization. The Ontario Government and Legislative Assembly are already on the hook to meet this requirement as of January 1st, 2014. The Public and Private sectors are expected to comply according to the following schedule: Large Public Sector Organizations as of January 1st, 2015; Small Public Sector Organizations and Large Private Organizations as of January 1st, 2016; and Small Private Organizations as of January 1st, 2017. A large organization is one which employs 50 or more people. Programs such as paperless billing, which may involve electronic delivery of PDF-based statements, invoices and bills, are almost ubiquitous in industry today, due to their cost savings advantages and various corporate green initiatives. People with disabilities such as blindness, partial vision loss and cognitive disabilities interfering with reading ability, should be as much able to take advantage of these socially-responsible programs as anybody else. Not having communication supports built into these documents creates barriers to their participation and violates their rights under the law. Accessible Communication Supports for PDFs are provided by adhering to the PDF for Universal Accessibility (PDF/UA) standard which requires including a tag structure and other metadata within the file. PDF/UA compliant documents provide information to assistive technologies such as screen readers with regards to what is the meaningful content, and in what order it is to be read. It includes such information as language specification, identification of document hierarchy and alternate text for images used as content. Without these, screen readers see a PDF document as essentially empty. Many organizations take a manual approach to providing accessible formats, by responding to customer requests and sending documents to service providers at tremendous cost (from $5 to $35 per page) to be converted on-demand. However this is an exclusionary approach, requiring people with disabilities to inform these organizations of their disability, which to them is private information. In addition, delays in having documents made accessible by hand can disadvantage the consumer, especially when the information requested is time-sensitive in nature. An automated transformation approach, as provided by Actuate’s Document Accessibility Solution, can solve this problem by providing consumers with virtually instant access to accessible versions of their statements, allowing them the same timely access to information enjoyed by their sighted compatriots. Because of its ease of integration with an organization’s existing Customer Communications Management (CCM) systems, it can be provided inclusively eliminating the need for consumers to divulge private information. This can all be done at a small fraction of the per-page cost as compared with the labor-intensive manual remediation approach. This not only improves an organization’s public image, but also reduces expenses improving the bottom line. Organizations facing these deadlines under the IASR should already be thinking about how they will comply. To find out more about Actuate’s Document Accessibility Solution, simply send your request for information to ccminfo@actuate.com, and we would be delighted to start that discussion with you.

Read More

Accessibility and Government-Produced PDFs

First published on G3ict.org Government agencies are huge creators of high-volume personal communications. Tax documents, benefits and health statements, and other critical information is distributed everyday – and the U.S. federal government aims to deliver more and more of these digitally, cutting costs and making them easier for citizens to obtain. Yet, to reach all citizens, they need to ensure these digital documents are accessible to everyone – including the visually impaired. Through the accessibility conferences and events I’ve attended – including Freedom Scientific’s recent Annual Accessibility Showcase – I’ve had a chance to speak to many government audiences. They’re wrestling with how to best create equal access in the digital documents they distribute – as well as meet compliance with their own Section 508 accessibility standards – which is why I wanted to address the issue here. Government accessibility, after all, is about to become even more important, as the U.S. federal government initiates its ICT Refresh – an update of the Section 508 Standards and Guidelines, issued under the amended Rehabilitation Act. What will the changes to Section 508 cover? Section 508 standards mandate federal government agencies on how they procure, use, develop or maintain information and electronic technology – and aims to make this information accessible to people with disabilities. The update is expected to tighten accessibility regulations further, bringing them up to standards outlined in the Web Content Accessibility Guidelines (WCAG) 2.0. It’s also expected to include a full scope of communications not currently specified including: Public-facing content Content that is broadly disseminated within the agency Letters adjudicating any cause within the jurisdiction of the agency Internal and external program and policy announcements Notices of benefits, forms, questionnaires and surveys Emergency notifications Formal acknowledgements Educational and training materials What is expected to be exempt from covered content would include: Archival copies stored or retained solely for archival purposes to preserve an exact image of a hard copy Draft versions of documents Although Section 508 is a mandate for federal government, it has had a trickle-down effect into the private sector as well. That is solely due to the procurement regulations. With federal government constituting the largest consumer of electronic and information technology, those supplying that technology must make their products, including their documents and documentation, meet Section 508 standards in order to sell it to government. So, the new refresh will apply equally to government agencies, and to companies in all industries and of all sizes that supply to them. How can government meet these needs? In my opinion, meeting the need for accessible digital content means two things: creating the right types of documents, and finding the most cost-saving and least invasive way to build accessibility in. With that in mind, consider two things: 1. Many of these government communication documents – from tax notices to health and benefits statements – need to be offered in a digital format that’s accessible as well as portable and secure, in order to be archived for official purposes. While HTML has become a popular way of providing many types of documentation, and has its uses in government as well, it doesn’t meet these criteria. PDFs do. 2. High-volume, personalized communications such as the ones government agencies produce aren’t created by individuals. They’re created by applications that can handle those large volumes. Individually building in accessibility manually after the fact can be expensive and time-consuming – often with extended delivery times versus the instant access through secure web portals afforded to those who don’t require an accessible digital format. The right technology, though, can help get around these challenges. And it’s why Actuate introduced Cloud508 for federal government. Cloud508 To meet the needs of government, Actuate recently announced Cloud508 – a collaborative partnership between Actuate, Braille Works and Venatôre – which was specifically designed to meet the stringent security requirements of federal government. Cloud508 automates the generation and remediation of accessible PDF documents on demand and meets Section 508 requirements and WCAG 2.0 standards for accessibility. What’s more, Cloud508, powered with Actuate technology, allows for the automation of traditional formats like Braille, large print and audio, all while reducing costs and significantly speeding up delivery time. Highlights include: Automates generation/remediation of accessible PDF documents Cloud-based service First and only on the market, patented technology Secure – meets federal government’s stringent security requirements Real time conversion service Designed for high volume personalized communications such as tax, health, and benefits notices Section 508, WCAG 2.0 Level AA, PDF/UA compliant formats Automates and streamlines production of Braille, large print and audio formats I think it’s the answer a lot of government agencies are looking for as they search for ways to save time, resources, money, and comply with Section 508, all while providing a comparable experience to the blind and visually impaired. For more information on Cloud508, visit www.cloud508.com.

Read More