• More
Menu Search

Information Security and Privacy

Solutions for Data Protection and Compliance

Security on KeyboardData breaches are on the rise, making information security and privacy top priorities for business and IT leaders. Today’s threats are more potent than ever, with employees cited as the primary risk. This trend, coupled with the expansion of data privacy laws around the world, has led to the growing realization that Enterprise Information Management solutions are must-have tools for data protection and regulatory compliance.

  • Overview
  • Business Needs
  • Products
  • Resources

It’s only through a robust Enterprise Information Management strategy and layered, thoughtful security practices that you can protect your organization and its data.

Information security is the practice of defending information – in all forms - from unauthorized access, use, examination, disclosure, modification, copying, moving, or destruction. There are numerous global and industry standards and regulations mandating information security practices for organizations.

Information privacy, or data privacy is the relationship between the collection and dissemination of data and the public expectation of privacy. The safeguarding of personal data is the objective i.e. data about individuals such as contact information, health, financial, and family information; these individuals could be your employees, your customers and other stakeholders. There are various legal, regulatory, political, and technological issues surrounding the issue of data privacy.

Information security and privacy were cited as the top two risk concerns in the AIIM survey and whitepaper - Managing Governance, Risk and Compliance with ECM and BPM, May 2015.

Enterprise Information Management is one of the most important tools for meeting compliance goals, and should be central to your data protection strategy.

Securing information assets within an enterprise requires a comprehensive approach that considers both information states: (1) content at rest and (2) in motion,‎ or data being processed or in use.

Securing content at rest

Securing content at rest starts with identifying where sensitive information resides within your content management system as well as in file servers and personal storage repositories across the organization. Once sensitive content is discovered it can be defended using core capabilities of Enterprise Information Management solutions including:

  • Access controls – Ensure that content is retrievable and usable for those who need it and protected against unauthorized access and alteration from those who don’t.
  • Security classifications - Data classification can be one of the most powerful practices in information security. Applying security classifications such as Top Secret, Secret, Confidential, Restricted, and Public helps ensure information is managed and secured accordingly.
  • Records management – Information security becomes more manageable and realistic when you reduce data volumes. Effective RM programs ensure records are retained according to policy and disposed of when no longer required.
  • Archive Encryption - Information at rest can be vulnerable. Archive Server solutions allow your organization to encrypt its information within the archive.

Securing content in motion and in use

Securing content at rest is a must but alone it is not enough. To deliver its business value, information needs to be accessed, collaborated on, and shared. A comprehensive information security program needs to consider securing content in motion and securing content in use. There are numerous features and controls within Enterprise Information Management solutions to meet these objectives:

  • Secure information exchange – Secure transfer of extremely large files and sensitive business information inside and outside the enterprise with air-tight security and complete audit tracking.
  • Secure communication – Secure emailing of confidential information between employees, customers and partners.
  • Secure electronic fax - Securely track all faxes, inbound and outbound, with an audit trail. Protect privacy by routing inbound faxes to the recipient’s email address.
  • Redaction - Redaction tools mask or remove sensitive data from documents e.g. credit card information for PCI-DSS compliance.
  • Meet privacy requirements - Maintain compliance with HIPAA, PCI-DSS and other privacy regulations
  • Audit trails – Allow content authors and consumers the ability to view the full information lifecycle, all of the actions that have been performed on a document, by whom and when.
  • Email integrity - Email documents to and from the central repository using links to the “single source of the truth”; this prevents the proliferation of duplication of email attachments, protects information integrity, and access controls.

triad

Confidentiality, Integrity and Availability are widely accepted as the Information Security Triad, describing the three core objectives of information security. All OpenText products, solutions, and services are designed, developed, and maintained with security in mind, to provide our customers with assurance that their important assets and information are protected at all times.

Confidentiality

Confidentiality is the application of rules that limits access to information. Confidential information has the highest risk of being compromised with employee records, customer records, and intellectual property being the most impacted by security incidents.

OpenText Brava enables workers to securely view, annotate, redact and transform practically any file – including Microsoft Office documents, PDFs, CAD drawings and images – without needing the native application.

A powerful, fully integrated document management system that delivers the essential capabilities for managing business-critical documents. Ensure the integrity of your content by fine tuning access controls for individuals and groups based on corporate policies.

Obtain desktop and web-based electronic faxing to securely track all faxes, inbound and outbound, with an audit trail. Maintain compliance with HIPAA and other privacy requirements by routing inbound faxes directly to the recipient’s email address.

OpenText PCI Gateway is a dedicated communication gateway built on the OpenText Trading Grid platform, which is certified by a Qualified Security Assessor as PCI compliant. It removes credit card information and other sensitive data, and replaces it with secure tokens.

OpenText SecureMail is a cloud-based secure messaging solution, which integrates directly with your existing Outlook email to provide enhanced encryption, tracking, protection and control of confidential email.

Integrity

Integrity represents the assurance that the information is trustworthy and accurate. Business records provide the evidence to demonstrate regulatory compliance so organizations must be able to attest to the integrity and authenticity of its records.

Audit all document events. Use OpenText Document Management’s comprehensive audit trail functionality to automatically record the date, time and performer of every type of event that can be performed on a document.

Manage how, when and under what circumstances electronic documents can be authored, updated, approved, published and archived to maintain compliance under strict regulatory guidelines such as FDA 21 CFR Part 11.

From creation to consumption, industry leader OpenText Media Management provides a “single source of truth” and a consolidated asset repository for marketing, branding, commerce, video, and global distribution.

Availability

Availability refers to the guarantee of reliable access to the information by authorized people. Availability is a key objective of enterprise information management, with the scope of availability including issues from information exchange to systems of record and records retention.

A fully featured, highly scalable, web-based document management system providing a secure, single repository for organizing and sharing enterprise content. Ensure rapid access to a secure, single source of truth from any device, or any location—web, desktop, or mobile.

OpenText Tempo Box, an integral component of OpenText Content Suite, simplifies the content management experience, and allows users to easily sync, and share information across multiple devices, without sacrificing the records management rigor and security demanded by your organization’s policies and regulations.

OpenText Secure Mail is a cloud-based secure messaging solution for tracking, securing and controlling email messages and attachments. Strengthens compliance programs to protect sensitive information and helps ensure communications only go to the intended recipients.

OpenText Secure MFT is an enterprise-grade managed file transfer solution that delivers uncompromising security to safely exchange large files inside and outside the enterprise, and eliminate the risk of data breach or content loss.

EU General Data Protection Regulation – Are you ready? 
Learn more

Why EIM Should be Central to your Information Security Strategy

Read the Blog Post

OpenText Helps Britannia Hotels Achieve PCI Compliance

Britannia Hotels

Read the Customer Success Story

10 EIM Must Haves for Information Security & Privacy

10 EIM Must Haves

  Download the Infographic

Managing Governance, Risk and Compliance with ECM and BPM

Learn why ECM and BPM should be central to your corporate governance, risk and compliance program.

  Download the AIIM White Paper and Infographic