The Case for Compliance Automation

Problem Statement

A Global Bank (“Bank”) performed an internal audit of its voice infrastructure that revealed many compliance violations. It had 600 assets deployed around the world, consisting of PBXs, Gateways, SBCs, Contact Center, etc., that powered its UC and CC users. In all, it had 100,000 Unified Collaboration (UC) seats and 10,000 Call Center (CC) agents. The audit also revealed that the Bank made 100s of administrative changes on a weekly basis to its global UC/CC infrastructure, which was a major contributor to the compliance violations.

After finding the reported violations, the Bank took all the necessary and appropriate steps to enforce compliance. It defined many policies and controls. It enforced them manually but soon realized that manual enforcement was not a sustainable model and was fraught with risks. It became apparent that the Bank needed to automate its compliance.

After careful analysis, the Bank selected the Assertion Compliance Studio platform (“Assertion”) to automate the auditing and reporting process.

Solution

Using Assertion’s Trustbot architecture, over 300 custom controls defined in the Bank’s policy documents were automated. Below is a small sample of the controls that Assertion automated:

  • User Access: user to user profile mapping. Account policy and ageing
  • User profile to permission matrix (for some products this exceeded 500 fields)
  • Environment sanity: backup, patch level, OS version, SNMP status, Firewall status etc.
  • Platform: hypervisor based information
  • Sanction calling: incoming and outgoing calls to embargo countries
  • Privacy: personally identifiable information
  • Security: blocking unlimited access to trunks, blocking secondary dial tones (untraceable calls), enabling security and encryption, session timeout, certificate management.
  • Billing/reporting: CDR format, buffer, link status.

The unique value proposition of Assertion Compliance Studio lies in:

  • A single platform to assess compliance: Assertion Compliance Studio integrated with all their worldwide assets to continuously assess compliance.
  • Plug & play TrustBot: A TrustBot is a collection of controls. An authority document that defines a regulation contains a set of controls. Thus, there is a 1:1 relationship between an authority document and a TrustBot. As businesses evolve, enterprises will be required to comply with more and more regulations. With the plug and play TrustBot architecture, one would simply add a new TrustBot to the platform and kick off the compliance assessment for the new regulation.
  • Voice, video and configurations for UC & CC: Compliance Studio integrates with all the UC and CC applications to process configurations, voice and video structured and unstructured data for enforcing compliance.
  • Dashboards, Reports & Notifications: Compliance Studio provided live, customizable, trending dashboards and reports. It also generated autonomous notifications in the form of SMS and Email guaranteeing real-time and continuous compliance.
  • Cloud and on-premise deployments are supported.
  • A flexible design: Compliance Studio is cloud enabled, scalable, tamper-proof, modular and easily extensible.

Benefits

The benefits of automating compliance are far-reaching and rely on organizations to be fully committed to adjusting their business processes to provide the most value. The Bank found several benefits, some of which are:

  • Significant cost savings when compared to manual compliance
  • Free up the human resources for other tasks.
  • Effective second line of defense
  • Continuous compliance
  • Ability to generate enterprise-level compliance reports
  • On-demand tamper-proof audit reports

Total Cost of Ownership

The Bank’s Total cost of ownership (TCO) is displayed in the following graphic:

 

Conclusion

“What used to take weeks, now gets done in minutes. Assertion made it easy for us to reach new levels in compliance maturity” – Head of Enterprise Applications at the Bank.

The above quote sums up the value proposition for compliance automation. Assertion is a unique product in that it addresses a dire need for compliance automation. It enables enterprises to achieve continuous compliance, proactively address violations, avoid fines and protect reputation.