PowerDMS Blog

Can You Trace Your Way To Accreditation?

Abby Jarrett — Tue, 22 May 2012 19:11:34 GMT

We all loved it as kids: that magical, wispy thin paper that let us trace and transfer every curve and detail of elaborate pictures from one surface to another and call them our own. Suddenly we were "drawing" the likes of Calvin and Hobbes, Snoopy and our favorite giraffes with ease. But what about tracing as it relates to grown-up gap analysis and accreditation?

The tracer methodology grabs one variable--one particular patient's chart, a few lumps of coal in a coal mine, or single bottle of Coca-Cola at a bottler--and follows, or traces, every move and step it takes as it makes its way through an organization or facility. Kinda like when you lose your keys and everyone tells you to retrace your steps (and you roll your eyes because you've always already done that). The information collected in this blow-by-blow tracking is pure gold for companies and organizations with their eyes on the accreditation prize, as well as those fixated on standing out from their competition.

First thing's first. Choosing an auditor to dive head-first into gap analysis will unscramble the process and eliminate too-many-cooks-in-the-kitchen syndrome. This champion can hit the ground running and list elements of your organization's present situation, list goals for the future, and cross reference to reveal gaps.Tracers can serve as light bulbs in the gap analysis process, cluing you in to compliance trouble spots and your organization's shortfalls that could be holding you back from earning the accreditation you're after.

In other words, where are you now and where do you want to be? Is there a slowing bottleneck at one particular point in the bottling process? Are your nurses consistently dropping the ball at discharge?

While tracer methodology can be applied to any field or industry, with a brighter spotlight shining on patient care, healthcare is taking center stage. A surveyor talks to everyone involved in treating the patient they have chosen to trace--from the receptionist in admission to the surgeon in the operating room to the patient themselves. Armed with this data, any issues with compliance and patient care can be eliminated before they have a chance to spread.

Social Media Series – Isn’t My Stuff Private? (Part 1)

Abby Jarrett — Fri, 11 May 2012 16:12:23 GMT

Later on in this series, we’ll discuss how bad guys love the treasure trove of information available online now, especially within social media websites. You might be thinking, “I hardly use that stuff, and I have everything set to private anyway”. Well, that may not protect you—read on!

First, kudos to Google+ for the circles idea. That solves the conundrum of Grandpa trying to “friend” me and me not wanting to hurt his feelings since I really don’t want him looking at my party pictures. Truth be told, though, I don’t use Facebook. Not because I don’t find it useful, but because I don’t want them to have my personal information.

Am I a privacy prude? I don’t think so. I just don’t trust that Facebook has my best interests in mind. If they did, there wouldn’t have been so many privacy flare ups regarding the default settings over the years. You see, Facebook makes money by selling the information we provide them. So they’re financially motivated to get us to provide more and more information, so they can sell it to whomever they please. We are the product, not the customer.

And we really shouldn’t complain, because the service is free, after all.

So if you’re comfortable with Facebook management having access to your deepest darkest secrets, what about random people not in your inner circle? Surely they can’t see your stuff?

Unfortunately, a whole cottage industry of gaining illicit access to Facebook profiles has sprung up seemingly overnight to give the bad guys what they want. The personal lives of almost one billion people is just too juicy of a target. And while Facebook workers feverishly try to block the hacks, viruses, infected apps, password guessers, and on and on, they'll always be playing catch up. And your personal information is at risk.

About the Author

Doug Shields is an expert in information security, particularly in the fields of social engineering and employee security-awareness training. He has a long career with the U.S. Government Intelligence Community and private industry in the “white-hat hacker” security space. After recognizing a need for training programs to fix growing security concerns, he founded Humanisec, with a primary focus “to secure the human network”.

Security Awareness Series—Security and the Next Generation (Part 6)

Abby Jarrett — Fri, 20 Apr 2012 17:57:18 GMT

Unlike previous generations, the current crop of college graduates getting ready to join the workforce grew up with the technology the rest of us had to double back to learn: computers, smart phones, social media, personal websites, etc. Unfortunately, this comes with a comfort level that can be a problem at work.

Just because you grew up with password-protected websites doesn’t mean you can trust the owners of those websites implicitly; indeed, many of them do not have your best interests in mind.

Ah, but the “lock” comes on in the browser, showing me everything is secure!

Yes, the data in transit is indeed secure, but what is the owner of the website going to do with your information? Did you read the terms and conditions? Of course not—no one does. If you did, you’d still be reading the first of 10,000 you’ve clicked through since then! If you had read it, however, you might be surprised what you would’ve learned—especially who “owns” the information you’ve provided.

Another hallmark of the current generation entering the work force is a deep-rooted desire to stay connected at all times. Older folks may take offense to the quick glance at the cell phone during a work conversation, but that is merely another example of “staying connected”. With the rise of social media and texting, why wouldn’t every young person feel they can stay connected with everyone and everything they care about all at once?

Bad guys are using this shift in social behavior to their advantage. It’s much easier to garner someone’s trust in the virtual world than in the physical. For example, consider a simple friend request where the bad guy is linked to an acquaintance and has the ability to elevate the level of trust, or perhaps a forged text message from someone you think you know with a link to a website—a compelling sob story for help from someone who knows just a little too much about you and your friends.

Things are going to get interesting!

About the Author

GACP Unites with PowerDMS™ to Take Certification to New Heights

Abby Jarrett — Wed, 11 Apr 2012 15:20:43 GMT

Orlando, Fla. (April 10, 2012) — PowerDMS™ and the Georgia Association of Chiefs of Police (GACP) have joined forces to reach a standardized goal of simplifying certification processes. The partnership provides a holistic structure for Georgia’s law enforcement agencies to exceed certification standards while maintaining focus on safeguarding their community.

"The Georgia Association of Chiefs of Police (GACP) is very pleased with the accord we have reached with the well-respected PowerDMS™,” said D. Mike Edwards, Director of State Certification of GACP. “GACP believes this is another step forward in our efforts to further professionalize law enforcement in the State of Georgia.”

Beginning immediately, GACP’s 100 state-certified agencies in Georgia who are either seeking accreditation for the first time or reaccreditation by The State of Georgia Law Enforcement Certification Program or a respective accrediting body (such as the Commission on Accreditation for Law Enforcement Agencies [CALEA]) will be implementing PowerDMS™ STANDARDS, part of PowerDMS™ Suite. GACP will then begin dispersing standards manuals exclusively within the PowerDMS™ STANDARDS application, providing the capabilities to manage standards and build files electronically, track versioning, review the entire process remotely, and much more.

PowerDMS™ Suite is an all-inclusive software set equipped to tackle compliance-related tasks. From policy-and-procedure management to e-training, competency testing, and complete accreditation management, the application truly redefines the traditional paper-laden certification process.

“We’ve enjoyed working with the GACP throughout the past 10 years, and we’re elated they’ve chosen to embrace advanced technology to improve the certification process now and in the future,” said Joshua Brown, founder and CEO of PowerDMS™. “We’re honored that the GACP selected PowerDMS™ Suite as their vehicle to supply an enhanced certification experience for their members.”

About PowerDMS™

PowerDMS™ strives to provide the pinnacle in simple, paperless personnel management and regulatory compliance across a world of industries. Whether you’re looking for a way to handle standards compliance, policy dissemination and archiving, document signatures, employee training, knowledge assessments, or feedback reception and open, professional communication, PowerDMS™ Suite exists to handle each entity separately or as a comprehensive toolbox; ultimately redefining document management. To learn more, please visit www.powerdms.com or call toll free: (800) 749-5104.

Contact Information:

Abby Jarrett
Marketing Specialist
abby.jarrett@powerdms.com
(800) 749-5104, ext. 6025

Security Awareness Series—Why Technical Fixes Aren’t Enough (Part 5)

Abby Jarrett — Fri, 30 Mar 2012 15:08:52 GMT

It seems like every time a company has a security breach, the CEO shoves the problem (with some more money, hopefully) at the feet of the CIO. The knee-jerk reaction is to shovel money at the problem. Thumb-drive attack? Lock down the USB ports. Phishing attack? Upgrade the mail-filtering software. Someone posted something they shouldn’t have on social media? Block access to social media from the network.

Unfortunately, these “fixes” are costly, and may even backfire. Why? Because they instill management with a false sense of security.

After all, certain problems have NO technical fix. All the money in the world spent on network firewalls and filters won’t stop phishing attacks on employees’ home computers (well, not unless all employee home traffic routes directly into the corporate network via VPN.) Nor will it stop employees from typing sensitive company information into social-media sites from Internet-café computers or their cell phones. And how do you keep employees from providing sensitive information over the good-old-fashioned telephone?

Wouldn’t it be better, and perhaps more cost effective, to educate your employees instead of trying to fence them into a world that has no borders?

About the Author

Security Awareness Series—Compliance, Protection, and Your Employees (Part 4)

Abby Jarrett — Thu, 15 Mar 2012 16:21:21 GMT

Current regulations require certain technical and procedural steps be taken to safeguard particular information. However, the regulators have not yet awoken to the fact that uneducated employees may be your biggest weakness.

A recent CISCO study found that 70% of young (under 30) employees admitted to breaking company security policies on a regular basis. Why? To stay connected, of course.

A Verizon study showed that almost a third of information-security breaches are the direct result of employees doing something they shouldn’t have: plugging in an infected thumb drive, providing sensitive information to a bad guy over the phone, sharing a password with a “friend”, clicking on a link in a phishing-attack email message, or holding the door open for a “co-worker” or “contractor”.

What’s a company to do?

Policy development and sign off alone clearly isn’t working, so perhaps a new approach is needed. Maybe your employees need to understand why these policies are in place, and how adherence to them protects their job by ensuring the company has the ability to compete effectively in the future by safeguarding sensitive corporate data. Or turn the training around and show them how their lack of care can result in a loss of a personal item or cherished relationship, or even their own identity theft.

Or you could simply generate more policies.

The “It’s Someone Else’s Problem” Mentality

One of the reasons we’re required to sign off on policy-and-procedure documents is to make each of us aware that we’re part of an organization that needs our help. Unfortunately, the stark reality is that most of us think security is someone else’s problem and happily go about our days. After all, that’s why we have an IT department – that’s what they do! Besides, IT doesn’t help me do my marketing work.

So at work we do things like trust all incoming email (since it came through IT), provide sensitive information over the phone to “IT employees”, travel to virtually any website we can get to without worrying about whether it’s safe, etc. But when online at home, we tend to be much more suspicious and careful. Why? At home, “we” are the IT department. If our home computer gets infected, it’s our problem! If we give out sensitive information over the phone, it could come back to bite us personally. In short, at home we’re responsible for our own security.

In reality, work should be no different. Just because we have an IT staff doesn’t mean we can suspend our security-mindedness. While IT is desperately trying, they cannot be expected to stop every attack.

So think before you click, speak, or type—your IT staff will thank you for it!

About the Author

Security Awareness Series—Compliance and Protection: Why Compliance Isn’t Enough (Part 3)

Abby Jarrett — Fri, 02 Mar 2012 16:03:23 GMT

In my last post, I discussed why policies matter. They do. But in reality, they usually aren’t enough.

Policies and procedures set the minimum standards that need to be followed to ensure compliance. The bad guys know this, and are a step ahead of whatever rules will be written in the future to mitigate the new risk realities. For example, I mentioned that even though Facebook and other social media might be blocked at work, surely you can still get to it from your work desk by pulling out your cell phone.

So, is the risk that Facebook use brings to your network really mitigated? If you plug an infected phone into your work computer to sync up your music files (or worse, work files), the answer is no. You see, the bad guys are already writing viruses that will lay dormant on your cell phone and then jump to your desktop computer once connected. And the damage these hidden programs can do is only limited by the imagination of the attacker. Keyloggers, remote-control programs, traffic sniffers—all scary stuff, indeed.

And that doesn’t even touch on what employees do from their home computers. Several hospitals have had HIPAA violations when workers posted patient information to their Facebook accounts from home. Companies worldwide are grappling with what to do when employees post inflammatory statements about their bosses while sipping a cocktail at home.

So while you may have complied with whichever regulations cover your business, you should really consider a more comprehensive approach. This includes training your employees on how the improper use of social media can damage your organization’s reputation—or worse, compromise sensitive information.

Compliance War Stories

I know of several companies that got Payment Card Industry (PCI) certified, and then got hacked almost immediately—sometimes the very next day! What went wrong? Simple: the bad guys don’t give a hoot about standards and certifications and compliance; they simply look for a way in. While PCI focuses on the network servers and devices that store or handle credit-card information, the bad guy looks at the big picture and searches for the “chink in the armor”. Once he (or she!) finds that point of entry—be it a “test” server, a modem, or a hapless employee—they use that foothold to work across your network, escalating their privileges along the way until the whole house of cards falls and they get what they want.

Companies are wise to take this same big-picture view, securing EVERY system and device on the network and educating their users on current attack vectors.

I once asked a regional bank whether they solely wanted a “checkbox” security assessment to show the regulators they were in compliance, or really wanted to know where their vulnerabilities were. Their answer? “Just the checkbox, please!” At the time, I was shocked someone would say that out loud. But unfortunately, this may be more the rule than the exception. I’ve heard from lots of security folks since then who feel their management has the “ostrich” mentality—and would rather not know where the skeletons are.

Let’s hope your company isn’t one of those!

About the Author

"What Compliance Officers Really Do" Meme

Abby Jarrett — Mon, 27 Feb 2012 14:29:55 GMT

With the “What _______ (job title) Really Do” meme sweeping the social-media world, we felt compelled to add to the mix. These visually stimulating pictures have evoked laughter, common ground, and recognition among professionals in every field from musicians to doctors to construction workers. Since compliance officers and accreditation managers are our forte, we compiled the most common preconceptions of a compliance officer’s role. Please feel free to let us know whether these are spot on or far from your reality.

Oh, and please share with your colleagues—we have a feeling it’ll be a great topic of conversation!

Innovation and Compliance

Abby Jarrett — Fri, 24 Feb 2012 16:30:35 GMT

Can compliance be innovative? Or can innovation inform your compliance program? Can some of the techniques and strategies of the world’s most innovative companies be brought to bear in the field of anti-corruption and anti-bribery?

I thought about those questions, and perhaps some others, while reading the March issue of Fast Company, with a cover title of “The World’s 50 Most Innovative Companies”. In his column, “From the Editor”, Robert Saflan wrote about the “The Lessons of Innovation.” He said in reviewing the Top 50 most innovative company, he drew eight key themes. As I read these I thought about them and their relationship to compliance. So with a tip of the hat to Mr. Saflan, here is my compliance spin on his eight key themes of corporate innovation.

1.      Compliance should be a strategy, not a tactic. Starbucks recognized that profit alone is a “fairly shallow aspiration, and it’s not enduring.” Most people want to do business with companies which do not engage in bribery and corruption. Indeed the UK Bribery Act enshrines this in its Six Principles of an Adequate Procedures by stating that a company should only conduct business with other ethical companies.

2.      Big companies need to be as nimble as small companies. Saflan notes that the top four companies: Apple, Google, Facebook and Amazon.com all continue to “drive the agenda across the global economy.” This should also be true of your compliance program. You need to use the tools available to you to update your risk assessment if you move into new business lines, products or geographical areas. Similarly if one of your competitors comes under anti-corruption scrutiny, you should review any similar practices that your company might have, such as its sales model or vendors in the Supply Chain.

3.      Technology is disruptive in unexpected places. Here Saflan gives the example of LegalZoom, which is “challenging the definition of a law practice” by providing useful legal forms and documents to consumers. In the compliance arena, the number of technological innovations is as broad as it is deep. Companies like Catelas and VisualRisk IQ have developed software products which can allow review and assessment of a large number of data points or other quantitative data. You can even get apps for smartphones which allow submission of expense requests directly to your compliance department.

4.      Compliance is a competitive advantage. Apple has never been publicly reported as going through a Foreign Corrupt Practices Act (FCPA) investigation. What is their stock price today and is it still undervalued? Even when it recently received negative publicity regarding its manufacturing facilities in China, it responded quickly and brought in an outside monitor to assess and report. Apple also annually assesses its third party vendors and makes that report public. Do you think that keeps vendors on their collective toes? You bet it does.

5.      Use of social media makes compliance better. My former speaking cohort, Stephen Martin, then General Counsel for Corpedia, often spoke about Code of Conduct 3.0, which is a web-based interactive tool which helps guide employees through a Code in an interesting and stimulating manner. The same is true of training. You no longer need to simply have a video conference to deliver compliance training around the world. Companies like Click4Compliance have interactive, web-based solutions that you can utilize. I noted above about the smartphone app which allows employees from around the world to submit expense requests to the compliance department and receive an instant response back from an assigned compliance team member.

6.      Data is power. If you don’t document it, you can’t measure it. If you don’t measure it, you can’t assess it. If you don’t assess it, you can’t improve it. That is how an engineer tends to look at things. In the compliance world, if you don’t document it, it never existed (Cue drum roll for: document, document and document). Both are true. You have to document things to prove that you actually did them. But if you do not have data, you cannot determine if your compliance program is successful or improve it.

7.      Money is flowing. Here, Saflan does not mean necessarily that more funding is available. However, in the compliance world what I believe that this means is forces, other than legal compliance, for example: the US Department of Justice (DOJ) or the UK Serious Fraud Office (SFO) enforcements are beginning to drive compliance. Insurance companies have developed insurance coverage for FCPA investigations; D&O insurers are requiring companies to have a compliance program to cover directors and officers sued in shareholder derivative actions based upon admitted FCPA violations; and perhaps most interestingly, banks and other financial institutions are reviewing anti-corruption compliance programs to determine if they meet minimum best practices and then writing maintenance of these programs into their loan covenants.

8.      Copycats are history. Saflan notes that emerging market entrepreneurs aren’t just following the successes of others, they are creating new, distinct models”. In the compliance arena I believe that ‘out-of-the-box’ solutions are no longer best practices. Companies need to assess their specific compliance risks and then design programs to specifically manage those compliance risks. If your company uses a sales model of agents, one type of compliance management strategy may need to be employed. However, if your company is a manufacturing company, which sells through distributors, another compliance management strategy may be required. Do not simply purchase a compliance program off the shelf. Either design it to fit the needs (and realities) of your business model or work with an expert who can do so.

The innovation angle is not one that is usually in the front of the line at compliance conferences or in thinking through compliance programs. But if you listen to Lanny Breuer, Chuck DuRoss or any other DOJ speaker, they continually talk about evolving best practices in anti-corruption compliance. Any reader of Deferred Prosecution Agreements (DPAs) over the past 18 months is well aware of the changes in focus that the DOJ has in these documents. Certainly, many of the compliance techniques are driven by the compliance challenges in the individual companies. But if your company has engaged in mergers and acquisitions, why would it not follow the ‘enhanced’ compliance guidance found in the Johnson & Johnson DPA and train all high risk employees within 12 months of acquisition and perform a full compliance audit, within 18 months of acquisition? So my conclusion is that innovation in the compliance arena is key. As compliance programs mature and as companies mature in their approach to compliance, innovation will continue to lead best practices.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

About the Author

Thomas Fox has practiced law in Houston for 25 years. He is now an independent consultant, assisting companies with FCPA and international transaction issues. He recently published the book Lessons Learned on Compliance and Ethics: The Best from the FCPA Compliance and Ethics Blog, available on Amazon.

Security Awareness Series—Compliance and Protection: Why Policies Matter (Part 2)

Abby Jarrett — Wed, 15 Feb 2012 16:25:02 GMT

There never seems to be an end to the policies and procedures we have to sign off on at work: Ethics. Sexual harassment. Security. Many employees ask, “Is this really necessary?” and “Do we really need to follow them?” While the boss and HR department need employees to sign off so violators can be terminated if they screw up, in actuality, policies and procedures are there for more important reasons: to protect the organization from legal action and to safeguard company information. Let’s take a closer look at one example security policy.

Lots of companies, especially in the financial sector, block social media at work. Many employees think this is borderline inhumane and ask why. In fact, I once heard a new media professor say that he couldn’t understand how a company could block Facebook at work. He said it was basically the equivalent of taking away someone’s cell phone as they walked in the door. I pulled him aside afterward and said, “Where I used to work, not only did they take away our cell phones, but our computer work stations were not even connected to the Internet.” You see, the only way for a company to be fully secure is to do what our intelligence agencies do—no electronic devices come in the door, no removable media comes in the door, entrances are secured with badge machines with PINs and turnstiles, and armed guards watch over things. Oh, and no Internet connection is available once you’re inside.

While this would, of course, be overkill for most companies, each organization must decide where it is on the risk/productivity scale. There’s probably an Internet connection, but if there’s no business justification for Facebook at work, why take the risk of viruses and other malware tumbling out of Facebook and onto employees’ computers? Why take the risk that an employee might type something into the wrong browser window and send sensitive data out to the world? In short, why encourage the mixing of personal and work information?

So, circling back to our policies, they are indeed there for a reason: to protect sensitive corporate information which, by the way, protects company jobs in the grand scheme of things. And yes, we know employees can get Facebook on their cell phones. Just hope they don’t plug them into their computers, or we’re right back where we started!

Does your organization allow access to Facebook in the workplace? If so, is there a policy in place?

About the Author

Security Awareness Series – Compliance and Protection: The Big Picture (Part 1)

Abby Jarrett — Fri, 03 Feb 2012 15:50:27 GMT

Anyone over the age of 50 likely remembers the days when almost all interaction in the workplace was done in person or by telephone. Surely, you knew whom you were dealing with on the other end of the conversation, and since expectations were typically true to form, threats and risks didn’t seem to be much of a concern.

As things have moved to the digital world, however, this has changed. In fact, a major flaw of the design of the Internet is that authentication was not built in—that is, you really don’t know who you’re dealing with at the other end of that e-mail, website, Facebook “friend”, Twitter account, etc. And the bad guys know this.

Just as they continue to pass themselves off in the real world as someone of trust, now they can do so even easier in the virtual world. By adopting their tried-and-true techniques of manipulating your trust from the physical to the virtual world, they have a new launch pad for their attacks on you and your company network.

Couple this with the fact that the bad guys now have a virtual treasure trove of work and personal information at their disposal to sort through to plan theirattacks, and you have a perfect storm for creating and launching new attacks. Just imagine the wicked smile on a burglar’s or spy's face in 2005 if you told him or her that soon there would be almost a billion people posting the intimate details of their lives—where they work, what they do, when they’re on vacation, what their likes and interests are, whom their friends are, etc.

In subsequent posts, we’ll discuss compliance issues as they pertain to this bevy of information, and why compliance might not be enough to protect your organization. Then we’ll discuss a few security issues surrounding social media. Finally, we’ll wrap up with what you need to know to protect your company from the new, sophisticated information attacks on your employees.

Stay tuned!

About the Author

The Importance of Integration and Collaboration within a Compliance Program

Abby Jarrett — Fri, 27 Jan 2012 16:22:30 GMT

There are multiple reasons your organization needs to have a compliance program in place, regardless of your industry or size. Not only is implementing a comprehensive program important—it’s crucial to your success and namesake. The overarching goal and purpose is to ensure all personnel members are acutely aware of their expectations, while adhering to all applicable laws and regulations and averting risks as much as possible.

Compliance professionals often wear multiple hats—simultaneously. From staying up to date on new amendments, analyzing risks, perpetuating ethics, and issuing policies and procedures, keeping on their toes becomes a necessity rather than an option. With ever-changing environments and responsibilities, it’s no wonder these imperative and valuable multi-taskers make up an integral piece of any organization’s puzzle.

To maximize the ROI of the compliance program, it shouldn’t be viewed as a one-man show or standalone department, but a collective effort. Each department should maintain an all-hands-on-deck mentality to achieve objectives in a timely and efficient manner.

Why should you consolidate your efforts?

A successful compliance program incorporates multiple departments, and works in conjunction with all facets of the organization to keep communication and operations flowing constantly. It should be a well-oiled machine, encompassing each critical area, including but not limited to policy and procedure management, standards, and risk assessment, to aid in preventing potential accidents and legal mishaps. Merging efforts will also eliminate any redundancy that accompanies a lack of communication, as well as prevent your organization from venturing into uncharted territories, since multiple people will be aware of any shortcomings.

How do you keep up with it all?

A good place to start is by simply making a detailed flow chart of the steps necessary to integrate each department seamlessly.

1. Generate reports frequently to highlight areas within the compliance program that are right on track, alongside others that may need a facelift. Having figures handy provides the opportunity to pay closer attention to potential areas of concern. Plan, analyze data, and provide recommendations based on findings, if necessary, to boost efficiency.

2. Take a seat at board meetings to stay abreast of current and critical issues across all departments. Integrate and share findings, resources, newly issued provisions—basically anything of value.

3. Work with others to stay keenly aware of any violations, unethical situations, and instances requiring a more watchful eye.

4. Incorporate initiatives to ensure the safety and happiness of personnel is a priority, and all significant issues receive adequate attention.

Go forth and conquer!

One of the most important aspects of integrating with other departments is to paint a clear picture of business-related compliance directives and how they affect all areas of the business. With a structured and clearly defined plan in place, it’s much easier to keep processes running seamlessly.

From the moment the program is launched to being well underway, collaborate, collaborate, and then collaborate some more. If everyone’s marching to the same beat, effectiveness will soon follow.

About the Author

Abby Jarrett has worked in the compliance-management arena for over three years. Her focus and passions reside in identifying effective compliance-management strategies and methods to maximize efficiency. She’s a firm believer that each and every industry should focus on developing and safeguarding critical documents, essential to recognizing areas of potential risk and upholding organizational compliance.

Social Media in Healthcare Infographic

Abby Jarrett — Mon, 16 Jan 2012 18:08:37 GMT

Social media is becoming increasingly more prevalent within the healthcare industry. With more hospitals and doctors joining social-media platforms on a consistent basis, it begs the question of “helpful or harmful”? One thing is certain: clear parameters must be established, so professional and personal lines don’t become blurred.

It’s vital to have a well-diversified and comprehensive social-media policy in place, outlining the dos and don’ts for everyone within your facility. Start reducing risk and liability associated with social media, stat—access renowned medical facilities’ social media policies for their guidelines on getting social.

Embed this image on your site:

The Future of Compliance Management Technology: Looking Ahead in 2012

Abby Jarrett — Mon, 09 Jan 2012 17:55:27 GMT

In this data- and electronic-fueled world we live in, it’s easy to take technological advances for granted. Consuming technology on a daily basis seems like a normal way of life now—owning a smart phone and communicating via email and text message has become so commonplace that it begs the question of, “What’s next!?”

Compliance management technology is no different from any other new advances within the emerging technology realm. Its ever-changing and competitive-driven marketplace evolves at such a rapid rate that software companies have to release new and exciting features regularly to maintain an edge over others.

So how does this translate to you and your role? New developments and software advances only serve to make your job significantly easier and dramatically more efficient—woo hoo!

“How so?” you might ask. Instead of the traditional routine of printing mounds of paperwork for employees to sign, you can import and send critical documents electronically, create collaborative workflows, participate in discussions, collect e-signatures, and more. Not only is all of your data stored electronically, saving you infinite amounts of time and effort, but it can also be stored in the cloud or up in cyberspace where a hard-drive crash will never affect your critical data. Cloud storage will save you multiple headaches and panic attacks down the road.

With the incorporation of new document management software, you and your colleagues have an opportunity to perfect your current management processes. Once a comprehensive plan is implemented, software programs can serve to further enhance the overall outcome, increasing and maintaining compliance for the long haul. Bill Gates said it best:

“The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.”

With 2012 ahead of us and lots of new techie gadgets and innovations on the horizon, we’re just as anxious as you are to see what lies ahead. Here are our top three compliance software predictions for the year ahead:

1. A mass movement to cloud computing technology. More and more organizations will begin ditching paper files and moving to the cloud for document storage. With the cloud’s sophisticated back-up capabilities, your organization will never lose critical data, no matter what natural disasters may strike.

2. Even further advancements in document management software applications. Maybe software will become so intelligent that it’ll do all the work for you? All joking aside, software developers are busy perfecting applications, including everything from managing industry standards manuals for audit and accreditation purposes to more sophisticated compliance and risk analysis.

3. Electronic signatures becoming increasingly more popular and the favored go-to method for all industries and organizations. More intelligent security methods will be the new norm, safeguarding critical information from possible data breaches.

Here’s hoping 2012 brings you an entirely new breadth of simplicity!

What are your compliance predictions for 2012?

About the Author

Document Management System: Novelty or Necessity?

Abby Jarrett — Mon, 19 Dec 2011 17:47:21 GMT

When you hear someone mention “document management system”, you’re probably thinking, “OK, we have documents, we save them, and send them out when necessary, and that works for us just fine.” Sure, writing, storing, and passing out documents is essential. However, how much time is actually involved in that process? Take a moment to really think about how the entire document dissemination process is carried out. Although it’s probably something that most likely occurs while on autopilot, it may be more of a hassle than you realize.

For instance, someone (or you, perhaps) writes policies and procedures, HR/new-hire documents, and more. Then, this hefty collection of documents is either printed and stored in a file cabinet somewhere, or stored electronically via Microsoft Word or Excel.

It’s imperative to keep all documentation together not only for new hires, but for all personnel. Up-to-date policy and procedure documentation is just as important to have readily accessible as government forms, such as IRS, W-9, W-2, etc. Ever-changing laws are time-consuming enough to deal with, since documentation needs to be updated to promote compliance, thus making it even more difficult to keep track of necessary documentation. Add hours of finding, updating, printing, and sending to the mix, and hassle becomes an understatement.

The bottom line: antiquated methods = valuable time wasted.

Can you really afford to waste precious time? Since you may or may not be OK with the methods you’re currently utilizing to keep track of signed documentation, it’s always nice to know there’s an alternative.

Here are a few positive attributes of using a document management system:

Import documents quickly and easily
Search document libraries instantly, instead of digging through file cabinets or stacks of paper
Test employees to ensure documents are actually read as opposed to “skimmed and signed”
Use automated review triggers and workflows to ensure all critical documents get the attention they need at the right time and by the right people
And generate reports for a quick recap of who’s complying and who has yet to sign off on documents

An overwhelming amount of organizations have embraced numerous types of technology within the workplace – computer tablets, video conferencing, and wireless printers, to name a few. Technology has enabled the global society to be a million times more efficient now than in previous generations (remember when landlines were the only option?). Thankfully, business processes have improved tremendously due to technological advances such as mobile devices, wireless gadgets, and cloud-based solutions.

The demand for technology shifts priorities from a novel concept to a necessity. With critical and confidential data circulating around the workplace, it’s always best to be as cautious as possible, and (whether your boss realizes it yet or not) storing documents in the cloud is a safe and secure method, providing access no matter where you happen to be at the moment.

Even better: with document management options, you can take the storage process one step further and save tons of time, effort, and money – all while increasing compliance.

Simply put, it’s a one-stop-shop. Or, in the words of Charlie Sheen, “Winning”!

Quick Note:

We value feedback immensely. If you have a great idea regarding technology, software features, why a document management system does or doesn’t work for your organization, etc., we’d love to hear about it!