"Success together through excellence"
office:  212.319.1903

Services:
Data Protection
(Confidential and Regulated)

Why Now

To achieve compliance and reduce risk, today businesses are becoming more data driven. How confidential and regulated data is handled, processed and protected has become a key issue for all businesses.

Every organization must be in total control of “managing the collection, use, accessibility, and storage of all customer, employee, and corporate confidential information in accordance with corporate appropriate policies (privacy, security, confidentiality, etc.) and government regulations.” In today's world:  

      · Corporate confidential information must be managed to ensure
   business strategy, product, and investment earnings security.
· Customer information (including privacy preferences) must be
  treated as a single entity across the organization, kept
  confidential at all business access points, and customers given
  the opportunity to dictate how and when their information
  should be made accessible.
· Employee information must be identified and managed so that
  it is kept in total confidence with limited, authorized access
  while allowing an employee to view his/her information via a
  secure access channel.
· Regulatory and Legislative Specified data must be managed and
  made accessible according to specific rules throughout all
  business processes.

      To avoid the risk of non-compliance and potential officer fraud convictions, all businesses and organizations, no matter what size, must develop and maintain appropriate compliance and confidentiality policies.  These policies must ensure that all the required information, and its processing, is identified and properly managed as defined by the legislation.

Achieving and maintaining compliance requires a major effort.

Every part of your business that uses and/or has access to confidential and/or regulated data is affected and needs to be involved. Careful planning and rigorous project management are the only ways to guarantee that the whole job gets done – accurately and on time. A seamless flow from corporate policy to software enforcement is the answer.

Extensive process and data analysis must be performed. Existing systems may need enhancement to support these new privacy requirements. Databases will have to be updated with correct privacy data.  Your staff needs to be trained.

Non-compliance and misuse of regulated data is punishable by fines and jail-terms, and results in the loss of credibility in the marketplace. The number of corporations and individuals who are being called to task for misuse of confidential and/or regulated data is growing daily as you can see in the news. And when an organization and its respective officers are found guilty, they have received and are receiving significant fines and/or jail terms.

What do we do?

Advantageware assists its clients in:

      • Identifying which data needs to be managed and how; and
Developing a plan and program to manage and protect data to
   achieve compliance according to the applicable regulation.

Advantageware reviews the client’s data to determine which elements need protection and what type of protection is required.  

Once the data elements are identified, they are reviewed and categorized into three main categories:  controlled, guarded, and secured. Each type needs to have its own level of protection to reduce risk and ensure full compliance to applicable regulations.

As a general rule, all data used by an entity must be controlled. Before starting this process, the client will determine exactly how many protection categories are required for their business. Advantageware provides frameworks (data models, plans, polices, etc.), developed basis upon our experience and knowledge, to serve as guidelines to accelerate the effort required to build the required programs.

A Data Protection Model is developed, specifying the required level of protection / security, affected processes and effected data elements.

The required control points and measures are developed for each process that uses a Protected Data Element/String and referenced as part of the Data Protection Model. These are then put into place as part of Confidential and Regulated Data Protection Program.

Advantageware assists clients to successfully create, build / maintain, and manage their Confidential and Regulated Data Protection Solution. No Confidential and Regulated Data Protection Solution engagement is identical. Each needs to conform to a client’s own unique business requirements. And each is built upon our extensive knowledge base.

Advantageware can assist clients to: 

      • Develop a plan and program to manage and protect data to
   achieve compliance according to the applicable regulation. Help
   formulate Confidential and Regulated Data Protection Task
   Force goals and develop the Task Force Project Plan.
Develop a plan and program to manage and protect
data to
   achieve compliance according to the applicable regulation.
   Assess current data protection policies and practices at the
   appropriate level: corporate, business area, strategic partner,
   and customer. Examine business processes, related manual
   and automated systems, and corporate technology
   infrastructure.
Develop a plan and program to manage and protect data to
   achieve compliance according to the applicable
regulation.
Develop the Confidential and Regulated Data Protection
   Solution Model. Incorporate the exact client specified number
   of protection levels.
Construct business Confidential and Regulated Data
   Protection Solution requirements.
• Develop the Confidential and Regulated Data Protection
   Solution Model.

Develop strategies to implement system and data changes
   required to implement the Confidential and Regulated Data
   Protection Solution.
Develop and present findings, open issues, recommendations.
Develop "real world" plans.
Help write and/or update corporate policies for confidential
   and regulated data protection.
Integrate the solution into business, operational and
   technology infrastructures.
Develop Training Programs and related tools.
Train staff.

      How we do this

Implementing a successful Confidential and Regulated Data Protection Solution is a team effort. It is important that all appropriate client personnel be involved as required so that the total solution can be achieved quickly and cost effectively.

Advantageware first works with clients to determine the project scope, identifying goals, objectives, risks, and constraints. Once the project scope is established, a project plan is developed. Advantageware uses a structured work approach and solid project management practices which facilitate communication throughout the entire project effort. We carefully plan and staff all of our engagements, identifying milestones, deliverables, dates, and risks. With each risk, we try to predict impact and define a contingency plan. We also use various proprietary data models,  methodologies, techniques, and tools as we carefully complete our work activities. 

Advantageware gives its clients two ways to implement the proposed solution. 

· Advantageware can partner with the client and work with them
  on an "as-assigned" basis. The client would manage the project
  and Advantageware would supply staff with the appropriate
  business/technical knowledge and experience on an as-assigned
  basis. 
· Advantageware can also deliver pieces of the solution on a
  project basis. When the proposed project plan is completed,
  the client can make the business decision of whether or not to
  vend-out portions of the total effort. At that time,
  Advantageware will develop time and cost estimates and
  present a proposal.

In both cases, Advantageware will assist the client's staff to integrate the engagement work products produced into their own environment. We train the staff as required.

Success Stories

International Bank

Advantageware worked with Global Customer Communications Unit to develop a new Customer Service Model that ensures that new and future privacy, security laws and regulations are easily maintained and incorporated into all Customer Service functions. As part of this effort, performed and presented the results of a Training Survey to executive management. Developed: training measures and related baselines, required training plans and related training materials, and computerized work-aids to facilitate proper customer contact and personal data usage records.  Conducted initial training programs and trained the trainers. Performed follow-up assessments to determine training effectiveness and made recommendations for improvements.

International Bank

Advantageware worked with Retail Sector business and technical staff to determine the scope of the work to be performed to comply with the bank's new privacy policy. This required examining manual business processes and their related automated systems. Constructed the "what-is" data and produced the process blueprint. Performed a GAP analysis comparing the old data models to the new privacy data models. Assisted the client's staff in performing a GAP Analysis of the existing systems and related infrastructure. Created data and process reengineering strategies. Developed alternative solutions and related recommendations. Presented findings and recommendations. Working with client to implement data and system level remedies and providing Office of the Project support.

e-Broker

Advantageware performed a Privacy Policy Audit. Reviewed the existing policy, strategic partner contracts to determine "information sharing commitments", and current privacy practices. Identified privacy policy violations and made system, data, and process recommendations to correct the conditions and prevent future violations. As a subsequent engagement, corrected the Privacy Policies and related policy statements. Developed, presented, and implemented the proposed recommendations, which have made the client 100% compliant. 

 pTop


Specialties

Business Solution Delivery
  (Internal or 3rd Party)
Compliance

Data Auditing
Data Protection (Confidential
   and Regulated)
Data Quality
Proprietary Software
Special Engagements
Subject Matter Experts