FACSys and ‘Compliancy’ Microsoft Windows Server 2003 with Share Point and FACSys can assist your compliancy efforts!

Who knows what these terms mean?

• HIPAA• SOX• SEC Rule 17a-4 • DoD 5015.2-STD• NASD • The Food and Drug Administration’s Title 21, Part 11• U.S. National Archives & Records Administration General

Records Schedule 20 (GRS20) • The European Directive on Data Protection

Not knowing could be costly!

It is the LAW!

In December 2002, The Securities and Exchange Commission, the New York Stock Exchange and NASD fined five firms a total of $8.25 million for failure to preserve e-mail communications.

Each of the firms consented (without admitting or denying the allegations) to findings that each failed to preserve for a period of three years, and/or preserve in an accessible place for two years, electronic communications relating to the business of the firm, including interoffice memoranda and communications.

• And that includes FAX messages!

Just so you know next time someone asks you:

• HIPAA (Healthcare Insurance Portability and Accountability Act) and Gramm-Leach-Bliley are US privacy laws that regulate access to personal medical information. HIPAA, for example, regulates communications between patients, insurers and health care providers.

• SOX: The Sarbanes-Oxley Act creates new disclosure requirements for US public companies as well as new certification responsibilities for CEOs and CFOs.

• If your book of business includes any publicly traded companies this may apply to you as well.

• SEC Rule 17a-4 requires that all US financial institutions retain electronic documents — including e-mail and instant messaging — for at least six years.

• Do you write insurance policies or do legal work for financial institutions?

• DoD 5015.2-STD, “Design Criteria Standard for Electronic Records Management Software Applications,” provides implementing and procedural guidance on the management of records in the US Department of Defense.

• e-Mail and fax messages are treated the same as any other record.

• NASD (National Association of Securities Dealers) Rules 3010 and 3110 govern archive regulations for brokerages buying and selling stock on the NASDAQ.

• (point of interest: NASD is a BIG FACSys user)

• another Point of Interest:

• Microsoft® is listed on NASDAQ and they have four FACSys servers and 50,000 client licenses in Redmond. (since 1995)

• The Food and Drug Administration’s Title 21, Part 11– requires the preservation of all electronic

records.

• U.S. National Archives & Records Administration General Records Schedule 20 (GRS20)

• manages rules for capturing and storing official government records. Some records need “disposition approval” and can only be authorized for erasure or deletion when an agency authority determines that they are no longer needed for administrative, legal, audit or other operational purposes.

• The European Directive on Data Protection provides regional requirements and country-specific implementations by member states.

• This law means that individuals have entitlements to access their personal data kept on file, within a defined time-scale (either electronically or in hard copy). It also covers use of data including to whom the data can be passed or how it is used.

What has this got to do with your faxes?

• Paper documents (from that manual fax machine) are difficult to store, retrieve and index.

• Electronic documents are a breeze to manage and retain their quality through a workflow.

• You already use e-Mail and may be required to archive, index and retrieve these messages to be in ‘compliance’.

• So why not store your faxes in your e-mail system? or• in an electronic document management system?or• In SharePoint so they are easy to index, file and retrieve!• and easier to transmit and receive.

How does FACSys help you to be ‘compliant’?

1. Fax enabling applications

2. Fax enabling e-mail

3. Fax enabling document management systems

• Fax enabling applications– “print to fax” from the application– “e-mail to fax” from the application– customized faxing with AFM-SDK

• Fax enabling e-mail– inbound and outbound– with MS Exchange or Lotus Notes

(as of FACSys 4.91)– with any SMTP mail system including

Outlook Express, Gmail, Netscape Mail, Eudora, Hotmail

– any ISP POP mail account.

Fax enabling document management systems• FACSys does not have a built-in document

management system because– there are already about 100 of them.– Share Point does the job.

• Many are very industry specific• and FACSys can fax-enable them ALL anyway!• How?

• FACSys stores an industry standard TIF image file which all document managements systems can read

• With version 4.9, FACSys can convert the TIF to a PDF and deliver it to your e-mail or

• to a networked ARCHIVE folder or Share Point or an FTP site.

• including the image along with a UNIQUE message identifier as ‘meta data’.

• As a DAT file or an XML File

start=10/05/2004 11:30:24 source=fax originalpagecount=1 RemoteId=Peter Mittler RoutingInfo=Peter

Meta data DAT example

• Meta data XML - PDF example

• Doc-management “ready”

<?xm version='1.0' encoding='utf-8'?> <!-- Inbound Fax Metadata  --> - <FACSysFaxMetadata>  <DateTime>04/20/2005 18:52:50</DateTime>   <Source>fax</Source>   <MessageId>22219</MessageId>   <TotalPageCount>1</TotalPageCount>   <Status>Completed successfully</Status>   <OffHookTime>17</OffHookTime>   <RemoteId>FACSys Server</RemoteId>   <RoutingInfo>6773</RoutingInfo>   <Server>ANNEX</Server>   <TransactionId>ANNEX_20050420185250_22219</TransactionId>   <Attachment Path="C:\ArchiveTest\ANNEX_20050420185250_22219.pdf" Type="PDF" />   </FACSysFaxMetadata>

• Any document management system can extract this information, index it and store it.

• It will work with system you already have or one you may acquire in the future.

• No Doc Management system yet? – Store the faxes for future incorporation to a system.

Which means to you…

That facilitates ‘compliancy’

and the real benefit to you is piece of mind that all those fax messages are retrievable from wherever you are without pulling paper files

from archival filing cabinets and then photocopying for days!

• By itself, no faxserver will make your company ‘compliant’.

• It requires a ‘mind-set’ to ensure that all the pieces of your messaging system deliver compliancy requirements in your particular business area.

• Our mission here was to get you thinking about compliancy and how a faxserver contributes to that goal.

• emFAST Inc. has added features to FACSys to assist you in this endeavor.

• Need more information?

• White Papers– How faxservers & fax technologies fit SB IT

• (http://download.emfast.com/doc/How_faxservers_&_fax_technologies_fit_SB_IT.pdf)

– FACSys and HIPAA • (http://download.emfast.com/doc/FACSys_and_HIPAA.pdf)

• emFAST Website www.emfast.com• FACSys Website www.facsys.com• FACSys Support Site www.faxserversupport.com• FACSys Training http://www.faxserversupport.com/fast_training.htm

Reference Information

Thanks for your time today!