Document Redaction in Box

Advertisements

GDPR and Documents: Defining a Strategy

GDPR Strategy

A Document-centric Strategy for GDPR Compliance

With the effective date for the new General Data Protection Regulation (GDPR) fast approaching, now is the time to put in a solid strategy when it comes to documents and images.  Organizations not only need to implement process and procedure for handling private information, but also need a firm evaluation of “current state” to understand high risk areas of their business and their understand their exposure. Below are the four key steps, as outlined by Microsoft’s GDPR Strategy, and how you can incorporate a document-centric view within your plan:

 

GDPR Document DiscoveryDiscover

 

Discovery will probably be the most challenging step when it comes to documents and GDPR.  When it comes to the enterprise, the vast majority have a large number of document repositories.  Just think of the modern workplace, and all the locations where documents reside:

  • Network folders
  • Local folders
  • Sync technologies like Box, OneDrive, Dropbox, Google Drive
  • Corporate Enterprise Content Management (ECM) and Document Management (DM) systems
  • Line of Business systems that house documents
  • Email & attachments

The ability to crawl and identify high risk entities within these locations is critical for compliance.  Here is a checklist of required functionality when in comes to a technical solution:

  • Two-phase Identification – most of the technologies on the market just use pattern matching to identify personal information within documents.  This can be problematic, and burden staff with false-positives, and require immense time requirements to validate.  With two-phase identification systems (like Ephesoft), documents are first classified as a  certain type: agreement, application, correspondence, etc.  This classification can be configured for an organization’s specific document requirements, and can immdeiately ID a document as high risk.  The second phase of risk identification is pattern matching, fuzzy DB correlation and key value searching.  This two-phase approach is absolutely required for accuracy and high confidence.
  • Optical Character Recognition (OCR) – images can be a very high risk type of document.  In order to properly evaluate an image for risk, there needs to be a text conversion process.  It goes much further than that, the application also needs a voting and confidence engine.  Images vary in quality, and a fax or “copy of a copy” can be problematic.  With a confidence flag on both the overall document and identified private information, images can be graded on overall quality, and quality of data.
  • Open Architecture – proprietary systems cannot meet all the requirements that will be necessary for GDPR Discovery, and most organizations will need ulitmate flexibility to modify and customize software for their unique needs and requirements.  Using modular and open platforms will guarantee the best solution and fit for your needs.
  • Machine Learning – using a system that gets smarter with each day of use is required in today’s modern world.  A GDPR Machine Learning system can learn new high risk documents, and evolve as an organization changes.

 

GDPR Document ManagementManage

 

Once a GDPR document inventory is complete, and an organization understands their areas of document risk and exposure, a plan can be put in place to manage and govern the assets of their data subjects.  This phase or step within your GDPR document strategy can include the following:

  • Migrating high risk documents to a managed repository – if high risk documents exist outside of a governed and managed repository, the same tool that can help in discovery can also help with migration.  As documents are classified, metadata can also be extracted, and the document moved into a new or existing system of record.  You can see an example of contract migration to SharePoint Online here:  Migrating Contracts and Data to SharePoint.
  • Implementing an intelligent document transport layer – creating a repeatable, standardized process for document ingestion and processing can flag new documents as they enter an organization’s digital realm.  This insures proper governance, and placement of high risk assets.

 

GDPR Document ProtectionProtect

 

In the protection step, organizations need to put security controls on all documents deemed as high risk.  But the protection step also requires thought on future documents, and protecting new private assets.  As outlined in “Manage”, an effective document transport technology will identify and route newly ingested documents to a protected resting place.  Organizations also need to implement real-time controls for high risk identification and classification.  Here are some examples:

  • Constantly discover – you can protect those documents that are in your managed repository, but what about newly generated personal data?  As new policies and procedures are implemented, organizations need to use their discovery technology to constantly monitor and find new high risk entities.
  • Embed classification technology –  enabling detection in your everyday applications can reduce risk, and insure compliance.  Modern classification platforms have web services enabled in cloud and on premise solutions to help.  You can see an example here:  Real-time GDPR Scanning and Detection in SharePoint

 

GDPR Reporting ToolReport

 

The new GDPR standard is all about accurate record keeping, which provides transparency and overall accountability.  Knowing all the document types that can be classified as having personal information, and the processes around them, are critical to insure compliance.  An audit of policies and procedures is sure to require records of document creation, or ingestion, how it was handled, and where it was ultimately placed under management.  All of the technologies mentioned in this article have broad reporting and analytics capabilities.

GDPR Analytics and Reporting
GDPR Dashboard in Ephesoft Insight

With the complexities of GDPR, standard reporting wont suffice in most cases, and the ability to perform deep analytics to track and identify key data and documents will be a requirement.

Just a quick post on strategy for GDPR when it comes to the unstructured content that lives within documents.  Let me know  your thoughts on the topic.

Contract Management: Ephesoft and SharePoint Online

SharePoint Contract Management

Capturing Contract Data for Analysis

We have had several requests recently to show how we can help in processing contracts and extracting metadata.  The below video uses Ephesoft Transact in two ways to process contracts:

  1.  Extracting historical contract data for analysis.  In example one, we utilize Ephesoft to import  contract PDFs, classify them, and then extract pertinent data for routing to a SharePoint Contract library.
  2.  Routing and archiving new, inbound contracts.  This example brings in contracts from email, folders and other sources and classifies them, the places the contracts and data within a SharePoint Contract library.

Here is the overall Contract Management Solution:

 

 

GDPR and Documents: Insight Analytics

GDPR for Documents

GDPR Solution for Documents and Images

As the looming deadline for GDPR approaches, companies are searching for solutions to address numerous challenges.  One of the most difficult is historical digital documents.  With most large, global organizations having at least 10+ repositories, how can you engage in efficient discovery to find high risk data in the form of documents?  This video shows the power of Ephesoft’s GDPR Solution for Documents, Insight.

 

Dynamics, Ephesoft & Flow: Document Driven Intelligent Automation

ERP Document Automation

Using Unstructured Content to Drive Efficiency in ERP/CRM Systems

Let’s face it, manual data entry is an efficiency killer.   And in the world of ERP and CRM systems, the amount of data required to properly create an entity (Accounts, Contacts, Agreements, Work Orders, Scheduling, Tasks, etc.) can be mind numbing.   Manual data entry is a distraction from more important work, and is often accomplished in a rushed, “just get it done” state.  This leads to errors and skipped fields that can be important to an organization’s analytics and data strategy.  How many important fields in your own system are blank?  Are records properly related?  Automating these mundane tasks has 3 core benefits:

  1. Standardization – using automated technology provides a standardized process, where business rules are applied to every instance, and exceptions can be handled in a rapid manner.
  2. Repeatable – automation creates a repeatable process that can be accomplished any time, any where, regardless of how it is initiated, or the source of the process.
  3. Efficiency – creating an automated process improves overall turnaround time, creates efficiency in business and reduces errors (See more on the true impact of errors here: 1-10-100: The True Cost of Errors.

In a recent study by CapGemini, 86% of respondents agreed that process automation can reduce costs and risk, and aids in compliance. 89% believed that using process automation increases the quality of work.  So we know the downside of manual entry, and we know the upside of automation.  What is the shortest path to a solution?  I would argue documents.

In the demo video below, I use a signed agreement (In the form of a PDF), to drive automation.  The solution uses Ephesoft to classify the agreement type and extract all the pertinent data.  It then uses a combination of Microsoft SharePoint and Flow to facilitate the auto-creation of Dynamics CRM entities, with zero manual data entry.  You can watch the overview and video below:

 

This is just a sample of how the technology can work for you.  Comments?

Unstructured Data and the Cloud: The Benefits of Capture as a Service

Document Capture & Analytics in the Cloud

We launched the first fully functional Capture as a Service (CaaS) offering in Microsoft Azure this week at the Microsoft Inspire Partner Conference.  We were helped along the way by one of our larger partners, that had high demand for Capture as a Service, and we were seeing more and more requests for the intelligent processing of unstructured data in the Cloud.   Below are some core benefits of our cloud offering:

Cloud OCR Services

Time to Value – On-premise software implementations can be a long-term journey and require additional budget for hardware, IT resource time and long budget cycles for capital expenditure approvals.  With the Ephesoft Transact Cloud, your time to value is minimized and your intelligent capture platform can be up and running in a fraction of the time.  Want to see how you can calculate a quick ROI on CaaS?  See our recorded webinar here: The Ephesoft Effect

 

Cloud Scanning Services

Cost of Ownership – Software as a Service (SaaS) reduces the overall solution cost of ownership by including support, and eliminating the need for hardware, backups, monitoring, dedicated administration and overall management.  By including these costs in one recurring fee, complexity and overhead are reduced, and IT spend becomes more predictable.

 

Competitiveness – No longer is intelligent document capture only for large organizations Cloud Document Data Extractionwith an army of IT folks.  Now smaller organizations can have access to enterprise-class technology, and glean the all the advantages and efficiency to stay competitive, and challenge their larger rivals.

 

Gartner estimates that the annual cost of owning and managing software applications can be as much as four times the cost of the initial purchase.

 

SDK and APIs For Cloud Scanning and CaptureAccess to Innovation – with SaaS, access to the latest and greatest software is included.  As Ephesoft improves its processing engine, you can immediately take advantage of the added efficiency.   Your subscription provides continuous value, and appreciates over time as more features and functionality are added.

 

Azure OCR ServicesScalability and Agility – the Ephesoft Transact Cloud is built for maximum scalability and agility.  You can easily add more cores, features and processing power, depending on your requirements and needs.  You can start small, and grow with our flexible subscription model.

 

Cloud Document AnalyticsCapture Anywhere – with the Ephesoft Cloud provides intelligent document capture anywhere, on any device.  You can automate document processes with a browser, a smart phone or a tablet.  This allows todays distributed workforce to access all the benefits Ephesoft can provide.

 

Read more on our offering in the Cloud here:  Unlocking Unstructured Data: Document Capture, OCR and Scanning in the Cloud