2. How does FixNix add value?
• Process Automation: By automating the compliance management processes, the organization dramatically reduces the time spent by staff members, line managers, and senior managers on risk and compliance related activities.
• Collaboration: Employees are able to carry out team activities productively in the collaborative environment that FixNix provides.
• Consistent Process: FixNix enforces a consistent process across the enterprise, eliminating deviations and errors and so eliminating the cost and time associated with repeated processes and multiple checks.
• Resource Utilization: With the entire compliance process streamlined and automated with the FixNix solution, the organization can better utilize its resources.
• Comprehensive Visibility: The comprehensive visibility provided by FixNix lowers the risk of non-compliance, and executives can be assured of higher customer and investor confidence.
3. Challenges faced by industry in the compliance process
• Enable a federated organizational structure and leverage technology for sustainability, consistency, efficiency and transparency across this organizational architecture.
• Managing documentation, risk, controls and reporting of internal controls has a number of limitations.
4. The system lacked role-based views, making it difficult for stakeholders such as executives to use the system.
• There was no easy way to share risks and controls between processes in the system. As a result, the compliance teams ended up having to define a number of redundant controls in their existing system. This redundancy made change management very challenging.
• The system lacked document management and change reporting capabilities. Although current versions were readily available, comparison of controls and documents to prior periods was completely manual, and it was difficult to implement strict access control or deploy a streamlined process for change management.
5. FixNix Asset Management can cater to the needs of:
• ISO Asset Management Workflows
• ITIL Asset Management
• Maintaining a CMDB
• Asset Gap Analysis and Asset Protection Platform
8. Asset Registry / Inventory Phase
• This phase mainly involves the creation of assets.
• You are prompted to provide the following properties for any asset creation:
  ◦ Physical properties (IP, MAC, asset sub-type, etc.)
  ◦ Security properties (C/I/A values, etc.)
  ◦ Assignment properties (asset custodian, owner, user, current location, etc.)
  ◦ Current level of protection
(You can alternatively use the import feature for bulk addition of any kind of asset.)
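As an added example (not FixNix code), the following Python shows what a bulk-import check for the properties listed above can look like: each row's physical, security and assignment properties are validated, and the gap between the highest C/I/A rating and the current level of protection is computed per asset. The CSV columns and the 1..3 rating scale are assumptions made for this example.

```python
import csv
import io
import ipaddress
import re

# Constructed sample of a bulk-import file (not a FixNix export); the column
# names and the 1..3 scale for C/I/A and protection level are assumptions.
SAMPLE_CSV = """name,sub_type,ip,mac,c,i,a,custodian,owner,location,protection
hr-db-01,server,10.0.5.12,00:1A:2B:3C:4D:5E,3,3,2,j.doe,hr-lead,DC1,2
web-01,server,10.0.5.300,00:1A:2B:3C:4D:5F,1,2,2,ops,it-lead,DC1,2
kiosk-07,workstation,10.0.9.7,zz:1A:2B:3C:4D:60,1,1,1,facilities,,Lobby,1
"""

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
SCALE = {"1", "2", "3"}


def validate_asset(row):
    """Return a list of property errors for one import row (empty if valid)."""
    errors = []
    try:
        ipaddress.ip_address(row["ip"])  # physical property: IP must parse
    except ValueError:
        errors.append("invalid ip")
    if not MAC_RE.match(row["mac"]):  # physical property: MAC format
        errors.append("invalid mac")
    for field in ("c", "i", "a", "protection"):  # security properties
        if row[field] not in SCALE:
            errors.append(f"{field} not in 1..3")
    for field in ("custodian", "owner"):  # assignment properties
        if not row[field]:
            errors.append(f"missing {field}")
    return errors


def protection_gap(row):
    """Required protection is the highest C/I/A rating; the gap is how far
    the current level of protection falls short (0 means no gap)."""
    required = max(int(row["c"]), int(row["i"]), int(row["a"]))
    return max(0, required - int(row["protection"]))


def import_assets(text):
    """Split import rows into accepted assets (with their gap) and rejected rows."""
    accepted, rejected = [], []
    for row in csv.DictReader(io.StringIO(text)):
        errors = validate_asset(row)
        if errors:
            rejected.append((row["name"], errors))
        else:
            accepted.append((row["name"], protection_gap(row)))
    return accepted, rejected
```

Rejected rows are reported with every failing property so the importer can fix the file in one pass instead of one error at a time.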
9. Types of Assets you can maintain with the FixNix Asset Registry
• Information Assets
• Computers / Servers
• Source Code Assets
• Service Assets
• Mobile Assets
• Document Assets
• Miscellaneous (coffee machines, printers and any other consumable assets)
• Vehicle Assets
17. Assessment / Evaluation Phase
The evaluator / CIO needs to understand the current level of protection and is responsible for defining the controls in the classifications below:
• Labelling
• Transport / Transmission
• Addressing
• Storage
• Disposal
21. Action Phase: Custodian Role
The custodian is responsible for implementing the controls recommended by the evaluator/CIO, needs to describe the action statements taken, and is responsible for providing the evidence documents.
22. Action Phase: Owner Role
The owner is responsible for defining fair usage policies and needs to communicate them to all the asset users. The owner needs to get acknowledgement from all the asset users that they have understood and accepted the policies.
25. Review Phase
The evaluator needs to review the actions taken by the custodian and owner. The reviewer is expected to take a decision on the actions and needs to define a closure statement and a next review date.
28. Definition of Whistle-Blowing
• One who reveals wrong-doing within an organization to the public or to those in positions of authority.
• One who discloses information about misconduct in their workplace that they feel violates the law or endangers the welfare of others.
• One who speaks out, typically to expose corruption or dangers to the public or environment.
29. Types of Whistle-Blowing
• Internal Whistle-Blowing
  ◦ When an individual advocates beliefs or revelations within the organization.
• External Whistle-Blowing
  ◦ When an individual advocates beliefs or revelations outside the organization.
30. Stages of Whistle-Blowing
The three main stages of whistle-blowing are given below:
  1. Blow the whistle
  2. View status
  3. Evaluator login
31. Blow the Whistle
• Blow the Whistle
  ◦ Here you specify what type of whistle it is and to whom you want to send the complaint.
• Requester Information
  ◦ Detailed description of the whistle complaint and your idea for solving the problem.
• Submission
  ◦ Rules and regulations about the whistle.
35. Submission
• Here all the rules and regulations of the whistle complaint are listed.
  1. First, each person should accept the rules and regulations.
  2. Then the person can file a whistle.
37. View Status
The whistle-blower (a person who informs on a person or organization regarded as engaging in an unlawful or immoral activity) can do the following:
• Check the status of the whistle complaint
• Add a comment and send mail to the authority person
• Check the entered information
40. Evaluator Login
The evaluator can do the following:
• View the whistle complaints
• Give a solution to a particular problem
• Chat with the person
• Update the status of the whistle complaint
42. Analyzing the Resources:
The analysis phase consists of impact analysis, threat analysis and impact scenarios for resources. If the impact is Critical, two values are assigned:
• Recovery Point Objective (RPO): the acceptable latency of data that will not be recovered
• Recovery Time Objective (RTO): the acceptable amount of time to restore the function
• The recovery time objective must ensure that the Maximum Tolerable Period of Disruption (MTPoD) for each activity is not exceeded.
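As an added example (not FixNix code), the Python below applies the two rules just stated to a constructed activity register, then measures an actual outage against an activity's RPO, RTO and MTPoD so the difference between the three values is visible. The activity fields and impact labels are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed activity register (not FixNix data). Field names and impact
# labels are assumptions; objectives are only assigned for Critical impact.
ACTIVITIES = [
    {"name": "order processing", "impact": "Critical",
     "rpo": timedelta(hours=1), "rto": timedelta(hours=4),
     "mtpod": timedelta(hours=8)},
    {"name": "payroll", "impact": "Critical",
     "rpo": timedelta(hours=24), "rto": timedelta(hours=72),
     "mtpod": timedelta(hours=48)},
    {"name": "intranet wiki", "impact": "Low",
     "rpo": None, "rto": None, "mtpod": timedelta(days=7)},
]

# Constructed outage timeline for the first activity:
# (last recoverable copy of data, outage start, function restored).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_OUTAGE = (T0 - timedelta(minutes=30), T0, T0 + timedelta(hours=5))


def check_objectives(activities):
    """Return findings for Critical activities that lack RPO/RTO or whose
    RTO would let the outage exceed the activity's MTPoD."""
    findings = []
    for act in activities:
        if act["impact"] != "Critical":
            continue  # objectives are only required for Critical impact
        if act["rpo"] is None or act["rto"] is None:
            findings.append((act["name"], "critical activity without RPO/RTO"))
            continue
        if act["rto"] > act["mtpod"]:
            findings.append((act["name"], "RTO exceeds MTPoD"))
    return findings


def evaluate_outage(act, last_good_copy, outage_start, restored):
    """Compare an actual outage with the objectives: data loss is the window
    between the last recoverable copy and the outage (RPO); downtime is the
    time until the function was restored (RTO, and the MTPoD ceiling)."""
    data_loss = outage_start - last_good_copy
    downtime = restored - outage_start
    return {
        "rpo_met": data_loss <= act["rpo"],
        "rto_met": downtime <= act["rto"],
        "within_mtpod": downtime <= act["mtpod"],
    }
```

Note that an outage can miss the RTO yet still stay inside the MTPoD, which is the margin the rule above is meant to preserve.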
46. Business Plan:
• This phase identifies the most cost-effective disaster recovery solution that meets the two main requirements from the impact analysis stage.
• Analysing the Operating Expenses (OPEX) and Capital Expenditure (CAPEX) for designing the business plan.
49. Implementation:
• This stage defines whether the business plan is implemented or not, and which queries/actions need to be taken.
• The implementation phase involves policy changes, material acquisitions, staffing and testing.
51. Acceptance and Testing:
The purpose of testing is to achieve organizational acceptance that the solution satisfies the recovery requirements. Plans may fail to meet expectations due to insufficient or inaccurate recovery requirements, solution design flaws or solution implementation errors.
Testing may include:
• Table-top exercise
• Functional test
53. Maintenance Phase:
• The maintenance cycle is divided into 3 parts:
  ◦ Monthly
  ◦ Annually
  ◦ Bi-annually
• Issues found during the testing phase often must be reintroduced to the analysis phase.
56. Main Features
• Single repository for regulations and standards
• Centralized repository for compliance related organizational data
• Allow for gathering of data from non-technology sources such as people
• Map compliance data to regulations and standards
• Allow for generation of reports and export of data for use with other systems within an organization
59. Main Features
• Provide management dashboards for compliance status with the ability to drill down across departments, geographies, etc.
• Allow for creation of custom compliance frameworks or modification of existing ones
• Provide reminders to people for addressing compliance related tasks in an optimal manner
• Manage exceptions and activities related to compliance
• Provide an exhaustive audit trail for all compliance related actions through the whole process
64. What is Fraud?
• Fraud is a type of criminal activity, defined as:
  ◦ 'Abuse of position, or false representation, or prejudicing someone's rights for personal gain'.
  ◦ Put simply, fraud is an act of deception intended for personal gain or to cause a loss to another party.
• The general criminal offence of fraud can include:
  ◦ Deception whereby someone knowingly makes a false representation, fails to disclose information or abuses a position.
  ◦ Fraudsters are always finding new ways to trick you out of your money.
65. What is a Fraud Management System?
• A Fraud Management System (FMS) allows you to analyze data from any source (e.g. whistle-blower reports), investigate hypotheses to discover new patterns and root causes, identify fraudulent activity in real time, and manage workflows that eliminate threats.
• Fraud Management Systems are used to automate the alerting and prevention of fraudulent activities and to exclude the "human factor".
66. What Are the Challenges for Companies?
• Fraud costs public and private enterprises hundreds of billions of dollars each year.
• Exponential increase in the frequency and sophistication of fraud, waste, and abuse.
• Diverse, complex, and constantly changing fraud schemes and strategies.
• Huge volumes of data from multiple sources.
• Operational and organizational silos.
67. How big is the problem?
• The typical organization loses 5% of its revenues to fraud.
• 2011 estimated and projected global total fraud loss: $3.5 trillion.
68. Fraud Management Benefits
• Decrease fraud losses through real-time analysis.
• Improve operational efficiency by automating processes.
• Improve investigator efficiency with real-time analyses and metrics.
• Maximize detection efficiency by early identification and prediction of future risk.
• Improve process efficiency through real-time monitoring.
• Investigate, analyze and prevent fraud in ultra-high volume environments.
69. Recommendations
• If your company is at risk of significant financial loss as a result of fraud, FixNix Fraud Management is certainly worth a look, at a very low cost compared to other GRC competitors.
• First quantify the risk and then assess the cost of your current efforts to contain and mitigate that risk.
• If you employ fraud investigators, you must have some measure of their success; chances are you measure the number of potential cases investigated along with the number of real occurrences of fraud.
• The goal should not necessarily be to increase the number of cases of fraud detected, but to detect fraud more quickly and to minimize the number of cases you chase that lead to no fraud (fewer false positives).
83. FixNix Policy Management
• With FixNix Policy Management, you gain a meaningful understanding of what governs your business and can formulate policies appropriately to assist in achieving corporate objectives and demonstrating compliance.
• Key Benefits
  ◦ Reduction in the time and effort required to create and update policies.
  ◦ Mapping with standards and controls.
  ◦ Communication of policies is made easy.
  ◦ Report generation.
  ◦ Dashboards with drill-down charts.
  ◦ Version management of policies is handled in a consistent manner.
85. New Policy
Create your policies in 5 easy steps:
Step 1: General information
Step 2: Scope, purpose & description
Step 3: Mapping standards & controls
Step 4: Assign the handlers
Step 5: Date & other settings
97. Incidents can be any failure or interruption to an IT service or a Configuration Item/Asset. These can be created from:
• Event Management
• Web Interface
• User phone call
• Email, technician staff
103. FixNix Contract Management is a web-based tool designed to automate the entire contract process end-to-end.
It simplifies the way contracts are managed, tracked and reported.
An automated contract management process involves 3 "lifecycle" stages: file contract, approval & renewal.
Full-featured automated contract management should allow you to have complete visibility and control over any given contract from its inception to its renewal.
For each step in the contract management process, automated solutions prevent clogs and speed up sales cycles.
Integrating FixNix Contract Management into your business process will effectively enforce compliance, mitigate business risks, and act as a directory of information for all your clients and candidates.
108. Objectives
• Government Watch List (what they are, laws, and enforcement actions)
• HIPAA, how it affects facilities from a vendor perspective, BAAs, etc.
• Immunization testing, what is required, CDC and OSHA regulations
• Training requirements, and OSHA rules and regulations
• Access Controls
110. What to do - 10,000 Foot View
• Establish a vendor relationship policy
• Establish a formal process for annual vendor reviews
• Assign and train vendor relationship managers
• Establish a mechanism for tracking vendor management activities
111. Which Vendors
• Reviewing all vendors gets costly
• Which group of vendors gives you the best bang for your buck?
  ◦ Access to customer information
  ◦ Critical for operations
  ◦ Critical to customer service
  ◦ Based on the $ amount of the contract
  ◦ Otherwise visible/high risk (website host, video equipment in the CEO's office)
112. The Vendor Manager role
• Who
  ◦ Centralized
  ◦ Distributed (with centralized management)
• Skillset and tools
• Time requirements
• Accountability
113. Tools Overview
• Vendor Management Policy
• Annual review checklist
• Critical statistics
• Vendor contract and SLA
• Vendor management records
• Open and resolved issues list
• Vendor financial and third-party review reports
114. Vendor Management Policy
• Describes the organization's beliefs, objectives, and general procedures related to vendor management / service provider oversight
• Key things in ours
  ◦ Required/recommended vendors
  ◦ Assignment of responsibilities
  ◦ Accountability
  ◦ Basics of annual reviews
115. Tools: Vendor Contract and SLA
• Outlines the services provided and the expectations of each entity
• Outlines recourse for resolving issues
• Where the vendor contract is stored
• Contract termination date
• Date or period of notice prior to renewal or termination
• Insurance coverage of the carrier
• Privacy and other regulatory expectations
116. Tools: Vendor Management Records
• Records and reports of previous vendor management activities for this vendor
• Used to identify trends
• Reminder of concerns from prior reviews: have these been resolved?
117. What Does It Mean To Healthcare?
• Vendor Management = Risk Management
• Managing risk to patients
  ◦ Healthcare-associated infections account for an estimated 1.7 million infections and 99,000 associated deaths each year
  ◦ 13,779 TB cases (a rate of 4.6 cases per 100,000 persons) were reported in the United States in 2006
  ◦ Patient privacy and patient rights
• Security of the hospital and hospital property
• Managing conflict of interest
• Cost controls with proper device and medication approval processes
118. Risk reduction
• Access Controls
  ◦ Cold calling
  ◦ Appointment setting
  ◦ Medical mistakes due to interruptions

Measure                         Without interruption   With interruption
Procedural failure rate         69.6%                  84.6% (with three interruptions)
Clinical error (at least one)   25.3%                  38.9% (with three interruptions)
Estimated risk of major error   2.3%                   4.7% (with four interruptions)
119. Challenges Facing A Facility
• Vendor Company
  ◦ Financials
    ▪ Bankruptcies
    ▪ Liens
    ▪ Judgments
  ◦ Legal standing
    ▪ Involved with Anti-Kickback legislation
  ◦ Liability insurance
  ◦ HUBs
  ◦ Conflict of interest
• Vendor Representatives
  ◦ Immunizations
    ▪ MMR
    ▪ TB
    ▪ Varicella
    ▪ Influenza
  ◦ Cold calling
  ◦ Background check
  ◦ Conflict of interest
  ◦ Contact information
  ◦ Proper training
120. Choices
Develop your own system:
• Cost
  ◦ Human capital
  ◦ Design the system
  ◦ Programming
  ◦ Manage the information
  ◦ Development time
  ◦ Administer the program
  ◦ Higher cost to the vendor community
Use a service:
• Cost
  ◦ Normally at no or little cost to you
  ◦ Administer the program
  ◦ Lower cost to the vendor community