Showing posts with label Compliance. Show all posts

Friday, 1 March 2013

Why is it important to certify digital data and content?


Digital data/content is central to our daily and business life now, whether it be text, images, audio or video. With the advent of the Internet and mobile computing we are avid creators and users of digital content. As creators, we want to ensure that what we create, whether it is an email, a document or an image, remains as we intended, is used as we intended and is not misused in any way. As consumers of digital information, we want to be able to trust the digital content we receive and use, to know its source and to know that it is accurate and authentic. However, we all know how easy it is to copy or change digital content/data, either accidentally or maliciously. One of the big advantages of the digital world is that digital content/data is easy to view, copy, manipulate and process. Its strength is also its weakness. So the question is: how do we protect the integrity of the digital content/data we create? And how do we trust the digital data and content we receive and use?

Let us look at some of the reasons we need to do more than we do today:
Why do we need to certify Digital Data & Content?
·         Want to be able to prove ownership and copyright of digital content
·         Want to know if content published on a web site or issued has been tampered with
·         Want users of content/data to be able to trust it
·         Want to be able to prove to authorities and management that the information is in compliance with process, standards and regulations
·         Want to be able to use it in court as irrefutable evidence of ownership and of the authenticity of the original content or data.
·         People, organisations and 3rd parties make important decisions based on digital data/content, and these decisions can have negative consequences, so an audit trail for digital data can create that confidence and history.
·         Should there be a question, concern, audit or challenge to the integrity, authenticity and provenance of digital content/data, being able to prove these elements beyond doubt will avoid issues and possibly penalties.
How can I quickly and cost effectively create an independently certified record for the provenance, authenticity and integrity of my digital content/data?
Using a service like Digiprove will quickly solve the problem: it is fast to register, use and integrate into your process and software. You can then ensure that some or all of your digital content/data is certified automatically (Autoprotect), manually, or at scheduled times or events.
A good solution like Digiprove will:
·         Create a unique digital fingerprint for each piece of content and/or data using an industrial-strength cryptographic hash algorithm such as SHA-256.
·         Send that fingerprint to the secure independent proof engine in the cloud where it will be date, time and location stamped and combined with your metadata into a digital certificate.
·         All details will be recorded in a traceable and verifiable audit file and the certificate returned to you as well as being stored.
This is in effect your insurance certificate that is fully traceable and can be verified at any time. It is your indisputable evidence that you own the exact content, at a point in time.
That’s all very well, but how do I know the integrity, authenticity and provenance of the digital content/data remains intact and as originally intended and it has not been changed?
There are two key areas that must be considered, and these are covered in the Digiprove technology.
·         Verification of the integrity of digital content/data. You decide how you want to do this: it can be done manually at any time, automatically using “Autoverify”, or integrated into your process or application to occur on specific events and/or at specific times, with warnings highlighted should there have been a change or tampering. (Positive verification reinforces confidence and trust.)
·         Evidence. It is your digital certificate and the Digiprove record that enable you to prove ownership and integrity beyond all doubt, and in the event of an incident or case involving inappropriate use or tampering you have certainty as to provenance, integrity and authenticity.
Again using the insurance analogy, your certificates are the evidence you are protected, verification provides the evidence to the assessor of the circumstances that exist at a later point in time, and should there be a legal or regulatory case the authorities can trust.
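The fingerprint, certificate and verification steps described above, sketched in Python as an added illustration (this is not Digiprove's code or API). `ProofEngine`, `ENGINE_KEY` and the record fields are hypothetical, and an HMAC with a constructed key stands in for the signature or trusted timestamp an independent service would apply.

```python
import hashlib, hmac, json
from datetime import datetime, timezone
ENGINE_KEY = b"constructed-demo-key"  # assumption: stands in for the proof engine's signing key

def fingerprint(content: bytes) -> str:
    """SHA-256 digest computed locally; only this value leaves the owner's environment."""
    return hashlib.sha256(content).hexdigest()

def _mac(record: dict) -> str:
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ENGINE_KEY, body, hashlib.sha256).hexdigest()

class ProofEngine:
    """Hypothetical stand-in for an independent certification service."""
    def __init__(self):
        self.audit_log = []  # hash-chained: each entry commits to the previous seal

    def certify(self, fp: str, metadata: dict, now=None) -> dict:
        prev = self.audit_log[-1]["seal"] if self.audit_log else "0" * 64
        record = {"fingerprint": fp, "metadata": metadata, "prev": prev,
                  "timestamp": (now or datetime.now(timezone.utc)).isoformat()}
        cert = dict(record, seal=_mac(record))
        self.audit_log.append(cert)
        return cert

    def audit_log_intact(self) -> bool:
        prev = "0" * 64
        for entry in self.audit_log:
            record = {k: v for k, v in entry.items() if k != "seal"}
            if entry["prev"] != prev or not hmac.compare_digest(entry["seal"], _mac(record)):
                return False  # an entry was edited, removed or reordered
            prev = entry["seal"]
        return True

def verify(content: bytes, cert: dict) -> str:
    record = {k: v for k, v in cert.items() if k != "seal"}
    if not hmac.compare_digest(cert.get("seal", ""), _mac(record)):
        return "certificate-invalid"  # the certificate itself was altered or forged
    if not hmac.compare_digest(fingerprint(content), cert["fingerprint"]):
        return "content-changed"      # content differs from what was certified
    return "verified"

def demo():
    engine = ProofEngine()
    original = b"Employment contract v1 (constructed sample)"
    cert = engine.certify(fingerprint(original), {"owner": "HR", "name": "contract.txt"})
    forged = dict(cert, timestamp="2000-01-01T00:00:00+00:00")  # backdated copy
    return (verify(original, cert), verify(original + b" edited", cert),
            verify(original, forged), engine.audit_log_intact())
```

Because the seal covers the timestamp and metadata as well as the fingerprint, a backdated certificate fails verification even when the content is unchanged.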
For more information
Sign up for a free 1-month trial
Verify content
Join entrepreneurs program and integrate Digiprove (http://protect.digiprove.com/entrepreneur-program )
Protect your Wordpress website or Blog (http://wordpress.org/extend/plugins/digiproveblog/)
 
 


Monday, 5 March 2012

Embed Trust, Compliance & Protection in Software & Data

Introduction

Your software, whether COTS or bespoke, brings to your clients' or your own organisation the benefits of automation and the flexibility of digital processes & content. These benefits are indirect when you consider that the primary drivers are likely to be to improve financial performance, improve customer or citizen service, or carry out tasks that would not be practical to carry out manually.

Software applications or information systems are central to the creation and flow of information in every aspect of business life today. They support every function in the organisation and decision making at every level, from the front line or shop floor up to the board room, and for external parties.

Your business/organisation is providing these software products and IT solutions to your clients/end users, and they are central to their business processes and to their legal and regulatory compliance. So why is there so much emphasis on printing and signed paper records? The answer is “Trust”. Digital data & content can be easily manipulated, accidentally or maliciously, even with what would be perceived as good IT security. A professional malicious hacker can circumvent most standard security, and the use of elaborate security solutions can be very costly and make usability an issue.

How do you bring trust to the digital content your application creates, handles or uses, in a simple, cost-effective manner? If your software ticks all the boxes below, then you have a compelling proposition. If you don’t tick all the boxes, then don’t worry: by doing a quick free integration of Digiprove technology, or alternatively installing Autoprotect from Digiprove, you can secure the trust of any user or 3rd party in the information your solution provides:

☑ Provenance of any digital content can be established (Origin)
☑ Digital content can be verified as it is used or at any time, on and off line (Tamper evidence)
☑ Tamperproof & auditable logs of content history (Life cycle events)
☑ Content does not leave its operating environment (Remains confidential)
☑ Meets legal and evidential requirements for eDiscovery, spoliation identification and preservation.
☑ Meets business and regulatory requirements for digital signatures, digital records, and integrity.
☑ Creates a unique digital fingerprint and certification for any type of digital content.

What Value will the integration of Digiprove into our solution bring?

·         It enables your software solution to stand out from the competition by ticking all the boxes above.
·         It enables trust and confidence for all stakeholders in the digital content integrity, its provenance is assured and any tampering identified.
·         It secures the evidential value of digital content for business decisions and for any 3rd party investigation (which may include eDiscovery)
·         It will enable compliance with 3rd Party requirements, such as regulators, government & auditors.
·         It will allow you to operate without any paper in your process
·         It will differentiate your software solution.

How does Digiprove achieve this? And what is Digiprove’s evidence?

Digiprove is a unique patented technology process that creates a unique digital fingerprint of your digital file(s) without the need to transmit your digital content to Digiprove. It securely registers the fingerprint with metadata such as owner, date, time and location, and creates an audit trail, so that should the digital content be altered in any way it will be evident on verification. Verification can be completed on or off line, or can be fully automated using a component from the Digiprove Software Developers Kit.

Our evidence is that we already have over 5000 users and, specifically, that using our SDK it has been integrated into software/solutions with applications in compliance such as Financial Services, Human Resource Management, Financial and legal. In addition, The Georgia Technology Institute, the world’s leading authority on Digital Security, has tested and verified Digiprove’s technology, and here is what they say:

“… the process described in the patent does indeed provide a tamper-proof way to show that digital data has not changed since its timestamp. The process also provides a provision to validate any alteration made after it has been time stamped… the software does faithfully implement the patented 'Digiprove' process providing an authenticated method for establishing proof of existence and possession of digital content of any kind.”

Friday, 17 February 2012

HR Digital Content & SOX compliance



SOX
The Sarbanes–Oxley Act of 2002 was put in place by the US government to protect investors in public companies following a series of corporate and accounting scandals perpetrated in the late 90’s and early 00’s which included Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets.
Much has been written about these scandals, about SOX, and about what is now required of public companies and their stakeholders to secure society's confidence in the markets and keep corporate officers and employees out of jail. This piece concerns itself with a specific set of challenges relating to HR digital content used in a public company, or for that matter any company, and the role of HR in ensuring best practice for digital content relating to the management of the primary asset of the company: its staff.

Sections 404, 301, 806 & Digital Content
Section 404 of the Act “Assessment of Internal Controls”

Section 404 in particular is concerned with the protection of corporate assets. In the context of the overall goal of SOX, “To protect investors in public companies”, HR contributes to internal controls relating to people that could create significant financial risk for the organisation, including employment law litigation and fraud. Employment contract clauses such as non-disclosure, non-solicit, non-compete, IPR & confidential information protection and performance standards are all critical, as are the HR processes to control and manage any exposure. Training is another area of importance, such as specific job skills, health & safety, and legal obligations; the integrity of the training and training records is also central to avoiding potential litigation, whether it be commercial, employment law or product/professional indemnity financial exposures. Add to this that rules and policies relating to procurement, expense reporting and commissions all create potential fraud opportunities, and we can see that HR, its processes and its digital content make a significant contribution to SOX compliance.

Sections 301 & 806 are also key sections where HR digital content is fundamental to compliance and in fact may produce important digital evidence for internal or external scrutiny. The sections refer to the “Whistle-blower” requirements, which are usually managed by HR. Creating a trusted whistle-blower process with integrity may involve digital content of many types, including databases, documents, audio and video records. HR must ensure that the process is fair and transparent, that it protects the rights of all parties and that the risk of retaliation litigation is avoided. Not only that, but once a whistle-blower reports an incident everything in the system becomes potential evidence, so as eDiscovery finds this evidence the digital forensic chain must be secured.

How can HR in public companies identify and prevent litigation & financial risk?

1.       Identify & List the company’s HR digital assets (versions, time lines etc.)
2.       Perform a Risk analysis and identify those critical digital assets
3.       Identify those critical digital content types and forms that must be protected and controlled through their life cycle.
4.       Ensure that whistle-blower procedures are digital and evidence friendly
5.       Put in place adequate digital evidence and asset authenticity and integrity controls






6.       Identify & implement appropriate software controls as a solution to the digital content/asset protection such as Digiprove.

What are the core features that a simple software solution must have?

·         Establish the authenticity and integrity of digital content on entry into the company’s HR digital world, whether created within that world or entering externally via electronic communications or a scanning solution. (This can be achieved by creating a unique digital fingerprint of the content and metadata such as date, time, location, ownership.)
·         Maintain full confidentiality of this HR digital content, in that it does not get sent outside the company's own controlled digital world to be certified.
·         Create an audit trail for the defined HR digital content and any actions taken on that content.
·         Be able to verify the provenance of any HR digital content once it has been certified and verify if it has been tampered with.

Digiprove products tick all the boxes:

Selfprotect – a simple SaaS on-line service for content and communications
Autoprotect – a simple background utility that automatically protects the identified files and folders.
Completeprotect – includes digital log event certification and audit trail along with autoprotected content. (New Product)
Signasure – enables and protects documents with all types of digital signatures (New Product)
Brokerprove – A standalone solution for SME professional service providers
Embedprotect – A software developer’s kit that enables Digiprove technology to be quickly integrated into a company’s business applications


Monday, 6 February 2012

Data Protection & Digital Content in HR: How To Draft A Policy


We know that the aim of a data protection policy is to ensure that employees are aware of their own rights, and of their obligations concerning personal data processed by their employer. The purpose of a data protection act is to enforce compliance from employers to make sure they carry out their obligations to the employee. So, who is a data protection policy for, and what exactly can it do that benefits an HR department?

A data protection policy is not only for the benefit of full time employees. It could be used to protect contract workers, agency staff and other kinds of workers too. In the HR department, it is particularly important that employee data is protected; especially considering it’s the department that all major employment decisions go through. This kind of data requires high security and proof of authenticity.

How do we go about formulating a data protection policy?

A lot goes into designing a data protection policy, but here are a couple of points to get you started. A general data protection policy should:

·         Identify a person within the organization who will have responsibility for ensuring that the employer complies with data protection regulations. This person will usually be a senior figure in the HR department.

·         Ensure that employees are fully aware of any data held about them, and that they understand how this data could be used and disclosed. It is normal practice that an organization will use personal data like salary and pensions, and this will be held on an electronic device. The depth of this data could go further; for example, employers may keep health records for reference.

It is vital that employee data held on organizational systems can be transparent and trustworthy. That’s where Autoprotect comes in as an asset to the HR department in maintaining legitimacy of files, and supporting their data protection policy.

The above are just two points about what a data protection policy should enforce. For further information, make sure to keep your eyes on our blog.