"Success
together through excellence"
office: 212.319.1903
toll-free: 888.858.0800
Services:
Data Protection
(Confidential and Regulated)
Why Now
To achieve compliance and reduce risk, today businesses are becoming more data driven. How confidential and regulated data is handled, processed and protected has become a key issue for all businesses.
Every organization must be in total control of “managing the collection, use, accessibility, and storage of all customer, employee, and corporate confidential information in accordance with corporate appropriate policies (privacy, security, confidentiality, etc.) and government regulations.” In today's world:
· Corporate
confidential information must be managed to ensure
business strategy, product, and investment earnings security.
· Customer
information (including privacy preferences)
must be
treated as a single entity across the organization, kept
confidential at all business access points, and customers given
the opportunity to dictate how and when their information
should be made accessible.
·
Employee
information must be identified and managed
so that
it is kept in total confidence with limited, authorized access
while allowing an employee to view his/her information via a
secure access channel.
·
Regulatory
and Legislative Specified data must be managed and
made accessible according to specific rules throughout all
business processes.
To avoid the risk of non-compliance and
potential officer fraud convictions, all
businesses and organizations, no matter what
size, must develop and maintain appropriate
compliance and confidentiality policies.
These policies must ensure that all the
required information, and its processing, is
identified and properly managed as defined
by the legislation.
Achieving and maintaining compliance
requires a major effort.
Every part of your business that uses and/or
has access to confidential and/or regulated
data is affected and needs to be involved.
Careful planning and rigorous project
management are the only ways to guarantee
that the whole job gets done – accurately
and on time. A seamless flow from corporate
policy to software enforcement is the
answer.
Extensive process and data analysis must be
performed. Existing systems may need
enhancement to support these new privacy
requirements. Databases will have to be
updated with correct privacy data.
Your staff needs to be trained.
Non-compliance and misuse of regulated data
is punishable by fines and jail-terms, and
results in the loss of credibility in the
marketplace. The number of corporations and
individuals who are being called to task for
misuse of confidential and/or regulated data
is growing daily as you can see in the news.
And when an organization and its respective
officers are found guilty, they have
received and are receiving significant fines
and/or jail terms.
What do we do?
Advantageware assists its clients in:
• Developing a plan and
program to manage and protect data to
achieve compliance according to the applicable regulation.
Advantageware reviews the client’s data to
determine which elements need protection and
what type of protection is required.
Once the data elements are identified, they
are reviewed and categorized into three main
categories: controlled, guarded, and
secured. Each type needs to have its own
level of protection to reduce risk and
ensure full compliance to applicable
regulations.
As a general rule, all data used by an
entity must be controlled. Before starting
this process, the client will determine
exactly how many protection categories are
required for their business. Advantageware
provides frameworks (data models, plans,
polices, etc.), developed basis upon our
experience and knowledge, to serve as
guidelines to accelerate the effort required
to build the required programs.
A Data Protection Model is developed,
specifying the required level of protection
/ security, affected processes and effected
data elements.
The required control points and measures are
developed for each process that uses a
Protected Data Element/String and referenced
as part of the Data Protection Model. These
are then put into place as part of
Confidential and Regulated Data Protection
Program.
Advantageware assists clients to
successfully create, build / maintain, and
manage their Confidential and Regulated Data
Protection Solution. No Confidential and
Regulated Data Protection Solution
engagement is identical. Each needs to
conform to a client’s own unique business
requirements. And each is built upon our
extensive knowledge base.
Advantageware can assist clients to:
• Develop a plan and
program to manage and protect data to
achieve compliance according to the applicable regulation.
formulate Confidential and Regulated Data Protection Task
Force goals and develop the Task Force Project Plan.
• Develop a plan and
program to manage and protect
achieve compliance according to the applicable regulation.
appropriate level: corporate, business area, strategic partner,
and customer. Examine business processes, related manual
and automated systems, and corporate technology
infrastructure.
• Develop a plan and
program to manage and protect data to
achieve compliance according to the applicable
Solution Model. Incorporate the exact client specified number
of protection levels.
•
Construct business Confidential and
Regulated Data
Protection Solution requirements.
• Develop the Confidential and Regulated
Data Protection
Solution Model.
•
Develop strategies to implement system and
data changes
required to implement the Confidential and Regulated Data
Protection Solution.
•
Develop and present findings, open issues,
recommendations.
•
Develop "real world" plans.
•
Help write and/or update corporate policies
for confidential
and regulated data protection.
•
Integrate the solution into business,
operational and
technology infrastructures.
•
Develop Training Programs and related
tools.
•
Train staff.
How we do this
Implementing a successful Confidential and
Regulated Data Protection Solution is a team
effort. It is important that all appropriate
client personnel be involved as required so
that the total solution can be achieved
quickly and cost effectively.
Advantageware first works with clients to
determine the project scope, identifying
goals, objectives, risks, and constraints.
Once the project scope is established, a
project plan is developed. Advantageware
uses a structured work approach and solid
project management practices which
facilitate communication throughout the
entire project effort. We carefully plan and
staff all of our engagements, identifying
milestones, deliverables, dates, and risks.
With each risk, we try to predict impact and
define a contingency plan. We also use
various proprietary data models,
methodologies, techniques, and tools as we
carefully complete our work activities.
Advantageware gives its clients two ways to
implement the proposed solution.
·
Advantageware can partner with the client
and work with them
on an "as-assigned" basis. The client would manage the project
and Advantageware would supply staff with the appropriate
business/technical knowledge and experience on an as-assigned
basis.
·
Advantageware
can also deliver pieces of the solution
on a
project basis. When the proposed project plan is completed,
the client can make the business decision of whether or not to
vend-out portions of the total effort. At that time,
Advantageware will develop time and cost estimates and
present a proposal.
In both cases, Advantageware will assist the
client's staff to integrate the engagement
work products produced into their own
environment. We train the staff as required.
Success Stories
International Bank
Advantageware worked with Global Customer
Communications Unit to develop a new
Customer Service Model that ensures that new
and future privacy, security laws and
regulations are easily maintained and
incorporated into all Customer Service
functions. As part of this effort, performed
and presented the results of a Training
Survey to executive management. Developed:
training measures and related baselines,
required training plans and related training
materials, and computerized work-aids to
facilitate proper customer contact and
personal data usage records. Conducted
initial training programs and trained the
trainers. Performed follow-up assessments to
determine training effectiveness and made
recommendations for improvements.
International Bank
Advantageware worked with Retail Sector
business and technical staff to determine
the scope of the work to be performed to
comply with the bank's new privacy policy.
This required examining manual business
processes and their related automated
systems. Constructed the "what-is" data and
produced the process blueprint. Performed a
GAP analysis comparing the old data models
to the new privacy data models. Assisted the
client's staff in performing a GAP Analysis
of the existing systems and related
infrastructure. Created data and process
reengineering strategies. Developed
alternative solutions and related
recommendations. Presented findings and
recommendations. Working with client to
implement data and system level remedies and
providing Office of the Project support.
e-Broker
Advantageware
performed a Privacy Policy Audit. Reviewed
the existing policy, strategic partner
contracts to determine "information sharing
commitments", and current privacy practices.
Identified privacy policy violations and
made system, data, and process
recommendations to correct the conditions
and prevent future violations. As a
subsequent engagement, corrected the Privacy
Policies and related policy statements.
Developed, presented, and implemented the
proposed recommendations, which have made
the client 100% compliant.
Specialties
• Business Solution Delivery
(Internal or 3rd Party)
• Compliance
• Data Auditing
• Data Protection (Confidential
and Regulated)
• Data Quality
• Proprietary Software
• Special Engagements
• Subject Matter Experts