Digital transformation in the face of fear

Featured

A lot of the trepidation around digital transformation comes from misnomers & misunderstandings around what it is. We shed some light & offer professional tips to help make the process more doable than daunting.

Whether it’s because you don’t feel ready for disruption, don’t know how worthwhile it is for your business, or you’ve actually tried digital transformation before and failed, you are not alone in your fear of it.

IT experts regard digital transformation (also referred to as DT or DX) as an absolute necessity, given the globalisation and mobility that underpins modern-day business.

But, despite digital transformation being a vital part of companies’ future, many are resistant to it. Change can be scary. Digitalisation is new, daunting and often not seen by businesses as a necessity – and so put on the backburner or pushed to the curb entirely.

Undoubtedly, much of this fear factor stems from misnomers, myths and misunderstandings around what digital transformation actually is, and what it entails.

DX Debunked

To understand what digital transformation is, let’s first look at what it is not.

•             DX is not an immediate change; it is a shift in how you conduct your business – in the long term and going forward. Think of it like a lifestyle change, rather than a crash diet – which it’s no secret, never works.

•             DX is not an IT project; it is a fundamental and gradual paradigm shift that must be understood and taken on board by the entire crew. Businesses cannot designate DX to their IT departments and expect it to transform the way non-IT employees work. Maximum productivity and efficiency require maximum buy-in.

•             DX is not about hanging on to processes because they have worked and been effective in the past, because – in today’s business world – the case is quite the contrary. The “tried and tested” methods of yesterday are outdated, ineffective and cumbersome. This has been proven.

DX Demystified

DX is about how businesses use modern-day technology and processes, in conjunction with their resources, to optimise performance and deliver supreme value to the demanding and digital-savvy consumer of today.

US-based research company, International Data Corporation (IDC), describes DX as, “[The process of] applying new technologies to radically change processes, customer experience, and value.”

Echoing our earlier point that DX is not about solving new problems with old solutions, the company says, “DX allows organisations to become Digital Native Enterprises that support innovation and digital disruption rather than enhancing existing technologies and models.”

In one of SigniFlow’s previous articles, on customer satisfaction – which is one of the profit pinnacles of DX – we said, “Digital transformation is essentially the implementation of new technology and software tools, primarily reliant on cloud computing, to the end of solving problems and delivering solutions faster, with less operating inefficiencies and costs.”

“Organisations that have advanced to the ‘Digital Transformer’ stage are rapidly pulling away from the rest – creating the beginning of a rift that will ultimately leave organizations on either side of the thrivers or survivors.”

IDC

Top tips

Now that we’ve covered the what of DX, here are some pointers on the part that has many businesses befuddled – the how.

Founder and executive director of SigniFlow, Leon van der Merwe, and SigniFlow Americas CEO, Laila Robak, share some tips on how businesses should think – and go – about digital transformation. 

  1. More than IT: It is important to bear in mind that DX is not an IT project; it affects the entire business. DX should not be perceived as uniquely an IT project. We have seen this a number of time with our customers – DX projects are actually led by other departments, such as HR, Legal and Sales, which require efficient and safe processes.
  2. Total buy-in: You need to get buy-in from all stakeholders, from the get-go. Too often we see an IT or business department buying in to a digitisation project, only to find at a later stage that Legal, HR or Architecture were all affected by the project, yet knew nothing about it. This can cause major delays to the project, while implementation could have already started. Think about everyone who will be affected by the project and involve them from the start.
  3. Fear not: Don’t be afraid to take some calculated risks. Any project comes with associated risks and, no matter how much time is spent defining requirements, no one can never be 100% accurate. Adopt an agile approach and use CI/CD practices to minimise the cost of being wrong, rather than spending weeks – or even months – on trying to be right.  
  4. The human element: Nothing changes overnight, especially not people. Good DX systems simply assist humans to work more efficiently. The idea with digitisation is not to get rid of humans, but rather to make them more effective and accurate in their work, so the business can cope with expansion.
    However, humans take time to adapt, to understand and to learn the new processes that have been edged into their everyday lives. Once a process is automated, give the employees time to catch up and understand how things should be done going forward. Give them training and let them see how technology can help them do things better and faster than ever before.
  5. Digital nation: Instil a digital culture in the workplace. Ensure that a digital culture is promoted from the top, down. Put marketing material up against the office walls, promoting employees to “think digital”, even before digitisation starts. Most failed digitisation projects are as a result of employees and executive members not buying in. It is critical that everyone in the business sees the advantages of digitisation, and shares in the vision of the company.
  6. Rome wasn’t built in a day: Do not try to digitise the entire business in one go. Pick a few processes that make sense to start with, and digitise only them. As soon as employees start experiencing the advantages of the new systems first-hand, they will want more and will assist and push to have the rest of the processes digitised.
  7. Never-ending story: Digitisation is never done. Ever. Digitising processes takes time and – once this is done – improving on initial process designs is never-ending.

[REFERENCES]

  1. IDC – Digital Transformation (DX) Research
  2. SigniFlow – Customer satisfaction in the 21st Century: Is your business digitally equipped?             

International firm opens office in Horsham

Featured

Published by West Sussex County Times on 15 November 2019

SigniFlow Directors AGS 2019

After opening their first UK office in Horsham on September 1, SigniFlow, celebrated in style this week, by holding their official launch event at the South Lodge Hotel.

With SigniFlow top management flying in from South Africa, Australia and the United States to attend, there was no doubt as to the significance of the UK launch for this international company.

South African director, Leon Van Der Merwe, was quick to commend the warm reception the team received from the Horsham business community, before asserting that ‘modern businesses had to move forward with technology in order to survive in the modern world’.

Attended by many of SigniFlow’s existing Sussex customers, along with local businesses keen to modernize their procedures and increase productivity, the launch event was abuzz with talk of digital innovation. SigniFlow, which has its roots in South Africa, rapidly reduces the costs, time and money spent on processing, managing and physically signing paper documents, through the use of unique, legally approved cryptographic digital signatures.

“Located in the heart of Sussex, with the county being widely recognised as being a hub for technology and digital advancement, Horsham is the perfect fit for us,” said Greig Orrell, Director of GB and EU Sales and Business Development. “Our worldwide ethos is to support our local and regional communities and our Horsham team will be expanding in the months to come. This is the first of many satellite offices, and we look forward to seeing our team continue to develop and grow accordingly, as they have across the world.”

Already benefiting from SigniFlow’s next generation E-Signer and Document Management technology, Anthony Neal from Maylark Property Management, was keen to talk about how the solution had already worked for their business, just months after deployment. “This unique system has saved us a huge amount of time and its ability to track, file and document our workflows is impressive. All signature requiring documents can now be emailed, and our clients are able to securely and digitally sign the paperwork without the need for an appointment. And, we can access this web-based service from all of our phones, iPad or PCs, so we can respond and sign paperwork whilst out of the office too.”

Recently lauded as being one of the most revolutionary women in IT security, SigniFlow Americas CEO Laila Robak – who is also head of SigniFlow’s cyber security development – is a firm believer in the “better safe than sorry” approach when it comes to the security of companies’ data. And for businesses that do have cyber security as one of their primary concerns, SigniFlow has you covered, with solutions that have been developed by some of the greatest minds in the information technology arena.

For more information and a free trial of the SigniFlow solution, please contact Greig Orrell on 07395 650738, email uk@signiflow.com , or visit http://www.signiflow.co.uk.

New fintech partnership to escalate RapidLEI growth in South Africa

Featured

Innovative new partnership sees LEIs encapsulated in digital signing applications.

South Africa-based customer communications company, PBSA, and UK-based Legal Entity Identifier (LEI) innovator, RapidLEI, today announced a strategic partnership that will see PBSA become a regional Registration Agent (RA) for RapidLEI as well as build LEI support into its signing solutions.

RapidLEI was launched in 2018 by Ubisecure and has been taking the world by storm through a growing network of global partners, with PBSA representing the next stage in this continued expansion. RapidLEI’s pioneering automatic LEI issuance process sees it reduced from a few days to a few minutes. With regulation mandating the use of LEIs and new use cases now benefitting from the identity assurance LEIs can offer, this G20-endorsed organisation identifier is already achieving mass adoption and shows no sign of slowing down.

PBSA, as a RapidLEI Registration Agent, will meet client demand for LEIs in South Africa, as well as offering LEIs in other regions they are expanding to, such as Europe and the USA, via their SigniFlow brand.

The RapidLEI solution makes LEIs available through a SaaS service or API. The API allows third party developers to build same-session LEI issuance into their applications, which will be used to its full extent by PBSA in the first stage of this collaboration. While strong identities like BankID & eID are beginning to be used to digitally sign documents, this new partnership adds organisational identity to the digital seal in the form of an LEI. Encapsulating the LEI in the company seal gives the other party the opportunity to check identities against a live global company database – verifying which company signed this document, and also their parent company/group structure.

After this initial phase of the partnership, PBSA and Ubisecure plan to collaborate further on additional pioneering identity assurance solutions. Ubisecure will be launching new services in the coming weeks, where LEIs are central to new organisation Identity Provider (IdP) solutions for advanced KYC (Know your Customer) and RtX (Right to Represent). These cutting-edge services will help enterprises to reduce fraud, lower compliance costs and create new products using verified organisation identities.

Leon Van Der Merwe, Director at PBSA, says “We’re very excited to bring Ubisecure’s pioneering approach to digital identity to the South African market and beyond, and have our global customers benefit from strong organisation identities offered by our signing solutions. Our long-held ideals of collaboration, integrity and accountability go hand in hand with what the LEI stands for – trust in who you’re doing business with.”

Paul Tourret, Corporate Development Officer at RapidLEI, says “We are incredibly honoured to be collaborating with the largest South African signing/workflow provider to connect the LEI ecosystem to the signing ecosystem, and we see a lot of potential to further enhance online trust with LEIs and the Ubisecure IdP services as we connect the various ecosystems together. We see this collaboration being the start of a dramatic shift in how LEIs are used in modern digital transactions.”

Find out more about LEIs at www.rapidlei.com, or get in touch now.

About PBSA

With a rich history of innovation dating back over 90 years, PBSA (formerly Pitney Bowes SA) is a leading customer communications company, offering software, equipment and services to help companies improve operational efficiencies and connect with their customers in more meaningful ways.

Based in Midrand, Gauteng, PBSA understands both hardware and software solutions and is optimally positioned to provide a secure, committed support infrastructure to its international customer base. The company’s solutions help companies engage customers, gain business insight, manage document workflow and ultimately optimise overall business performance.

Visit www.pbsa.co.za to learn more.

PBSA LEI: 984500S5591EMD8BCB56

About SigniFlow

Created in South Africa by a team of passionate Johannesburg-based IT minds, SigniFlow is a core workflow, digital document management and cryptographic digital signature engine that works, either on its own, or fully integrated with existing core business systems.

SigniFlow uses the most advanced and trusted digital signature technologies known to man, enabling powerful workflow functionality and ease of document distribution to automate any business process.

SigniFlow has a team of cryptographic experts, experienced engineers and business process automation architects to assist businesses in their digitalisation journey.

About Ubisecure & RapidLEI

Ubisecure is accredited by the Global Legal Entity Identifier Foundation (GLEIF) to issue Legal Entity Identifiers (LEI). RapidLEI is a Ubisecure service that automates the LEI lifecycle to deliver LEIs quickly and easily. As well as pioneering LEI automation, the company is a technology innovator and provides identity management software and cloud identity services that enable enterprises and governments to enhance customer experience, security and privacy through support for strong identities and management of customer identity data. Ubisecure also provides solutions to companies maintaining their own strong customer identities (such as banks and mobile network operators) to become Identity Providers (IdP) for strong authentication and federation services.

For more information please visit www.rapidlei.com or www.ubisecure.com

Ubisecure LEI: 529900T8BM49AURSDO55

Data protection D-day is here – SA companies take heed

Featured

gdrpGDPR is here, and for organisations that deal with any personal information relating to EU member states, non-compliance will be ruinous.

The countdown has ended. D-day for enforcement of the European Union’s (EU) General Data Protection Regulation (GDPR) is here.

As of today, 25 May 2018, penalties will begin rolling in for organisations that have not yet taken the necessary steps to ensure they are compliant with this restructured – and considerably more stringent – set of data protection regulations.

The GDPR is a regulation borne out of the European Parliament, Council of the European Union and European Commission’s joint intent to strengthen and unify data protection for EU citizens.

But just because the GDPR is an EU regulation, South African organisations are by no means off the hook. On the contrary, experts warn, local companies need to take the GDPR – positioned as one of the most significant changes in data privacy regulation in 20 years – very seriously.

The inescapable fact is, any South African company that handles personal data connected to the EU has to comply with the GDPR, and failure to do so will be met with the same major consequences EU organisations face for non-compliance.

Far-reaching forces

Over recent decades, not only has personal data has become an increasingly important corporate asset that needs to be handled with extreme care, it has also become geographically agnostic. This means that, today more than ever, with the exponential growth of data propagated across borders, organisations globally need to take a staunch and unified approach to guarding it.

South African organisations, big or small, are no different – and the GDPR is not the only government-led product of this hugely digital age, nor will it be the last, it is merely the latest one to be enforced.

Leilani Smit, compliance professional at Smit Compliance (Pty) Ltd, notes that the GDPR applies to any local organisation that holds or processes data on EU citizens, regardless of the location of its head office. “This includes companies that have employees in the EU, sell or market products or services in the EU, or partner with EU organisations.”

Leon van der Merwe, head of digital at customer communication firm PBSA and director of local digital signature and workflow solution SignFlow, adds that any South African entity controlling or processing data relating to EU citizens is affected by the GDPR. “Controlling refers to any organisation that states why and how data is processed, while a processor is any party doing the actual processing of the data, whether based in the EU, or not.”

World Wide Worx MD, Arthur Goldstuck, says the effects of the GDPR will be far-reaching due to the fact that the EU is SA’s biggest trade partner. “[On top of this], any company that does business with a company that has to comply with GDPR, will also have to comply, to ensure the client is in compliance.”

GDPR vs POPI

Fortunately for SA, details around the country’s own local version of data protection policy – the Protection of Personal Information (POPI) Act – have been highly publicised since 2013, and many companies will already be familiar – some even largely compliant – with what is expected of them in terms of data protection.

Summing up SA’s POPI Act, Michalson’s says: “Essentially, the purpose of [POPI] is to protect people from harm by protecting their personal information. To stop their money being stolen, to stop their identity being stolen, and generally to protect their privacy, which is a fundamental human right.”

Although – unlike the GDPR – it is still not known when POPI will come into effect, what is known is that companies will have a one-year transitional phase in which to comply once POPI’s implementation date is made public.

Smit says, should a local company already be compliant with international legislation such as GDPR, the implementation of policies to comply with POPI “should be a breeze and not require anything other than normal company practices and procedures”.

Van der Merwe says POPI and GDPR are similar in that both are intended to strengthen the protection of individuals’ personal information and privacy, and it is precisely this element – intention – that is key here, says Goldstuck.

The high price of non-compliance

Another area in which both sets of rules are similar, is in the hefty fines that come with non-compliance.

In a nutshell: breach rules laid out in the POPI Act, and face a R10 million fine and/or a jail sentence; fail to comply with the GDPR’s regulations, and be prepared to be slapped with a fine of up to €20 million (about R290 million) – or 4% of annual sales (whichever is greater).

Smit comments: “In South African terms, POPI already poses strict penalties for non-compliance, however as far as our Rand stretches, the GDPR’s penalties will definitely cause sleepless nights.”

Although possibly the biggest concern for companies, Smit notes that financial implications are not the only implications they should be worried about. “Not only can non-compliance result in fines and penalties set by the legislation itself, but [the] reputational damage of not processing information correctly, can often be more damaging that the initial penalty itself.”

It is this high price of non-compliance IT and legal experts hope will drive South African companies to do the right thing – not only for themselves, but ultimately for their customers – and fervently strive to meet GDPR compliance criteria.

Consumer-centric control

Van der Merwe says it is all about the consumer. “Both GDPR and POPI were ultimately created to protect the consumer’s privacy. We are all someone’s consumer, and even small businesses owners need to think carefully and logically about areas in their business where personal information is processed or stored, and what vulnerabilities may exist in their processes.

“For instance, we all receive CVs that contain heaps of personal and even sensitive information. Often, after a host of interviews, only the person’s CV that is employed, is securely transferred to a digital or physical vault in HR. What happens to the rest of the CVs that did not make it? It is the responsibility of any business to have policies and procedures to timeously and responsibly destroy such information. Simply identifying these vulnerabilities and implementing logical measures to manage them, is a good start for any size business.

“GDPR is a good thing that could be very bad news for companies, if they fail to provide evidentiary and auditable processes and adequate IT security to protect personal data.”

Goldstuck adds that it is not only important, but essential, that South African companies have a global view on data protection. “Something as simple as having a website hosted on an international platform can make a company liable to sanction under GDPR.”

Teaming up with tech

When it comes to local companies complying with the seemingly daunting and complicated GDPR in a relatively pain-free way, experts agree technology will be key. Software systems that offer automation, content management, enterprise resource planning and accounting, among others, will become a lifeline for many companies in their quest to comply.

Van der Merwe says existing paper-based processes and antiquated electronic systems that were created prior to factors such as the GDPR and POPI, pose major risks of contravening their laws and directives. “It is all about how businesses – and governments themselves – are going to align their physical and data processing practices with the new requirements and legislation. New regulations that enforce concepts such as the right to be forgotten pose major challenges if not considered in the process from the outset.”

Goldstuck says, while the data protection laws necessitate considerable changes in the ways businesses operate and interact with customers, good compliance systems will provide most of the safeguards they need.

“Businesses will have to get permission for almost every interaction with customers, they will have to become more discerning in what information they require from customers, and they will have to institute strict compliance systems to ensure they do not fall foul of these laws. As a result, compliance officers, CIOs and CTOs will have more direct roles to play in customer strategy.”

Don’t delay

Although not yet enforceable, the commencement date for POPI has been looming large on the horizon for some time now, with many expecting it by the end of 2018.

Despite this, say experts, many organisations are far from being ready. Goldstuck says: “Most large businesses have geared themselves up to comply with POPI, although many have not put this gearing up into effect. However, there is also an impression that many companies are simply not bothering until they are forced.”

Forrester’s 2018 predictions indicate that a whopping 80% of firms will not comply with GDPR regulations by May this year.

This has to change – and fast – says Smit. “Businesses can no longer just take a backseat and hope this will pass by or fly over.  Active steps will have to be taken in an organisation, for instance staff training, risk assessments and creating an ethical culture within an organisation, specifically with regards to processing personal information.”

 

 

[REFERENCES]

  1. EUR-Lex – Access to European Law
  2. org – Web learning resources for the EU General Data Protection Regulation
  3. Government Gazette (justice.gov.za) – Act No. 4 of 2013: Protection of Personal Information Act, 2013
  4. Michalson’s – POPI Act Summary in Plain Language
  5. Forrester – Predictions 2018: A Year of Reckoning

Data protection: SA companies need to take a global stance

Featured

how-to-comply-with-the-data-protection-act-457501399With the implementation of the EU’s data protection laws just around the corner, local entities need to study up on how it could affect them.

D-day for implementation of the European Union’s (EU) General Data Protection Regulation (GDPR) is just three months away – and South African organisations are by no means off the hook.

If you are a South African entity that handles individuals’ personal data, you will be acutely aware of our country’s data protection law – the Protection of Personal Information (POPI) Act – but have you considered how the looming GDPR affects the way you manage clients’ personal information?

The fact of the matter is, if you are a locally-based business that offers goods or services to EU customers, you also deal with personal information or data relating to EU citizens’ – and you are just as responsible for complying with the GDPR as any EU business.

Leon van der Merwe, head of digital at customer communication firm PBSA, points out that any entity controlling or processing data relating to EU citizens is affected by the GDPR. “Controlling refers to any organisation that states why and how data is processed, while a processor is any party doing the actual processing of the data, whether based in the EU, or not.”

GDPR vs POPI

Van der Merwe says it is crucially important for local companies with dealings abroad to do their homework and familiarise themselves with the GDPR’s ground rules. “Companies could be fined heavily under GDPR regulations if they fail to provide evidentiary and auditable processes, as well as adequate IT security, to protect personal data.”

The GDPR is a regulation borne out of the European Parliament, Council of the European Union and European Commission’s joint intent to strengthen and unify data protection EU citizens.

Non-compliance with the GDPR comes with a hefty fine of up to €20 million (about R290 million) – or 4% of annual sales.

Similar to SA’s POPI Act, the GDPR is all about data protection. Data includes things like a person’s name, email address and phone number, as well as information collected by website cookies like internet browsing habits.

Breaching rules laid out in the POPI Act comes with a R10 million fine and/or a jail sentence.

Van der Merwe summarises the parallels between the two data-protection directives: “POPI and GDPR are similar, in that they both aim to strengthen the protection of personal information. They differ in their approach, in that the GDPR takes a wider, more global perspective that includes anyone, anywhere either controlling or processing – or both – data relating to EU citizens.”

Auditable business processes

A big part of compliance, when it comes to both the POPI Act and the GDPR, specifically involves audit trails – something PBSA’s digital signature and workflow product, SignFlow, is heavily centred on.

For evidentiary purposes and in order for any company to assert GDPR compliance, the automated management of an audit trail is imperative.

Van der Merwe says SignFlow is can assist customers in their strategy to automate and digitise processes in a responsible and compliant manner. “Business Process Automation is at the forefront of our technology development at SignFlow, including tools like DocFlow, CaseFlow and our digital customer on-boarding tools.”

At the core of SignFlow, he says, is Public Key Infrastructure (PKI). “PKI manages users’ private keys, and signs and secures documents using Public Key Cryptography. Not only does this make documents tamper-evident after they’ve been signed, but the entire operation is conducted in a secure network over encrypted secure socket layers between the public, personal devices and private servers.”

Unlike paper files and systems managing email attachments, this portal fully controls and audits the workflow and communication channels between interacting parties. “This greatly reduces the risk of data leaks,” says van der Merwe.

“The system enhances non-repudiation, creating a digital trail of undeniable events that prove intent and identity.”

With GDPR set to come into effect on 25 May 2018, and the high stakes attached to non-compliance, South African companies simply cannot afford not to take a global view on data protection. “The protection of personal information goes far beyond just the POPI Act for local companies dealing with international customers,” says van der Merwe.

 

[REFERENCES]

  1. Digiday – For the GDPR-curious: WTF is the Article 29 Working Party?
  2. The Digiday Guide to GDPR (PDF)
  3. The Sun – What is GDPR, what does it stand for, when is the deadline in 2018 and how can you check if a business is compliant?
  4. Michalsons – What does the GDPR mean for the POPI Act?
    POPI commencement date or POPI effective date starts the clock
  5. Wikipedia – General Data Protection Regulation
  6. IOL – Protection of Personal Information Act soon to become a reality
  7. ITWeb – Unpacking the POPI Act: The ins and outs of protecting personal information

SignFlow ties up with Accfin to digitise accounting processes

The integration of two state-of-the-art software platforms transports the accounting profession into a new world of digitisation.

Digital signature workflow solution SignFlow and accounting software firm Accfin have integrated their respective software platforms, in a move that places the accounting profession securely in a new and exciting world of digitisation.

Accfin, a local software firm leading the way in automation of back-office systems for accounting and auditing companies, grew out of an accounting firm over 20 years ago. The recent tie-up with SignFlow – a locally developed and internationally recognised digital signature solution – essentially automates the entire communication process involved in the accounting practice.

Leon van der Merwe, head of digital at SignFlow parent company PBSA, explains, “By using the SignFlow feature in Accfin software, you eliminate the need for print, courier and e-mailing of sensitive documents to customers – and then having to wait days, even weeks for a response.

“SignFlow is built on a powerful, digital workflow engine that tracks progress and instils accountability and auditability. Apart from the obvious environmental advantages the solution offers, the value of saving time through increased efficiency, is most valuable to accountants, who work under tremendous time pressure.”

Accfin MD Mark Silberman says the integration with SignFlow “changes the state of play” in the accounting market place. “It automates the communication process. Our software allows accounting firms to communicate with their clients. The integration of SignFlow with [Accfin’s] Sky Software allows the customers of the accountant to authorise the filing of tax returns and approve company resolutions.”

Accfin, which strives to provide state-of-the-art back office systems to South African accounting firms, currently provides automation software across the sector – from large international firms, to small sole practitioners.

Van der Merwe says SignFlow is proud to be associated with Accfin Software – a company that is “definitely leading the way in automating back office systems for accounting and auditing firms”.

“SignFlow is fast becoming the most trusted digital signature workflow solution in South Africa, especially within the auditing and financial sectors,” concludes Van der Merwe.

Draftworx, SignFlow integration yields SA first

A recent partnership between the two software platforms brings a cutting-edge automation solution to the accounting and auditing industry.

In a move that has seen the birth of cutting-edge technology – the first of its kind in South Africa – SignFlow has partnered with Draftworx, addressing a critical need identified among auditors and corporate companies that draft financial statements.

Draftworx provides automated drafting and working paper financial software to more than 2 500 accounting and auditing firms. The company went to market six and a half years ago, bringing the industry easy-to-learn and easy-to-use automation software, which allows  accountants and auditors to generate International Financial Reporting Standards  (IFRS)/IFRS SME compliant financial statements and ISA audit, review, and compilation engagement compliance.

According to Leon van der Merwe, head of digital at SignFlow parent company PBSA, the integration between the two software platforms came about when a massive need among auditors and corporates that prepare their own financial statements was identified – that of automating and digitising the process of getting financial statements and engagement documents signed off by company directors.

“Auditors can now automate and digitise their document delivery processes using the DigiSign module in the Draftworx platform to distribute documents electronically for customers to sign, using legally binding SignFlow digital signatures. The distribution and signing process is completely digital and auditable, entirely removing the need to print, scan and deliver paper-based financial statements and engagement contracts.”

Draftworx CEO Earl Steyn says the company, which aims to be in the cloud by year-end, sees SignFlow becoming one of its core technologies and marketing advantages. “Accountants and auditors can reduce time wastage – as well as waiting periods – by having their clients sign all their documentation offsite and at their leisure.”

Steyn adds his experience with SignFlow – a locally developed and internationally recognised digital signature and workflow solution – has been “phenomenal”. He says the team pays attention to detail and is willing to customise SignFlow to Draftworx and its clients’ requirements.

Van der Merwe says the SignFlow team is proud to be associated with Draftworx software, “which is leading the way in IFRS/IFRS SME compliant financial statements and ISA audit software in South Africa and across Africa”.

ACS partnership bolsters digital certificate security

SignFlow has teamed up with Altech Card Solutions to offer Thales hardware security modules to its digital signature customers.

In a move that will see users’ private keys and personal digital certificates receiving a serious security boost, SignFlow has partnered with Altech Card Solutions (ACS), a division of Altron TMT, to offer Thales HSMs (hardware security modules) to digital signature customers.

Using SignFlow’s PKCS#11 cryptographic interface, SignFlow uses Thales NShield Connect HSMs to perform highly specialised cryptographic operations, and to fully manage and secure private keys and personal digital certificates.

Head of digital at SignFlow’s parent company PBSA, Leon can der Merwe, says the partnership with ACS sees SignFlow extending its integration reach to include the Thales NShield range of network attached, FIPS 140-2 Level 3 HSMs.

“Apart from deploying the NShield devices in the highly-secure SignFlow Cloud, we now also offer the NShield range to corporate customers who would like to localise and manage their SignFlow private keys in private data centres.”

The SignFlow HSMs are directly integrated with multiple local and global CA’s (Certificate Authorities) to offer stringent, legally compliant Advanced Electronic Signatures (AES), Qualified Electronic Signatures (QES) and Adobe Approved Trust List (AATL) certificates, which are applied to documents through its digital signature application.

A division of Altron TMT (Pty) Ltd, ACS was formed in 1993 and is today firmly established as a leading player in the secure electronic transactions market.

It is Thales’ established track record in the payments security space and global footprint in hardware and software encryption solutions that makes this partnership so advantageous, says ACS.

SignFlow, an enterprise-class digital signature and document workflow application, was born in a digital era that has seen new business opportunities emerging as paper-based systems are replaced by digital platforms.

SignFlow digital signatures are powered by robust public-key infrastructure (PKI) technology, which is recognised as best practice for ensuring digital accountability. SignFlow digital signatures offer an effective, secure and legally compliant method of providing accountability during electronic transactions.

“Our partnership with ACS will benefit customers across the spectrum – including consumers using SignFlow’s SignFREE to sign documents, businesses using the SignFlow Cloud to distribute documents and government and corporate institutions using SignFlow’s Enterprise Hybrid Servers and Private Network Servers to digitally sign and workflow documents for sign-offs,” says Van der Merwe.

Goodbye ink, hello digital signatures


With the business world turning increasingly to digitally signed documents, the hand-written signature is on its last legs.

digital-signing

With more businesses and entities than ever before turning to digitally signed documents to solve security issues and improve logistics, the value and lifespan of the hand-written signature has come under serious scrutiny.

While there is a certain sentimentality – perhaps an emotional attachment bred at school level – still attached to an individual’s unique autograph, there are overarching ideals that suggest a future without it.

In fact the hand-written or ink signature has, in recent times, been likened to landline telephones and typewriters – age-old tools that, beyond their nostalgic appeal, are on their death bed. In the corporate world, which is increasingly aspiring towards a paperless future, pen-and-paper signing has been dubbed the enemy.

Leon van der Merwe, head of digital at PBSA and co-founder of South African based digital signature solution SignFlow, believes the hand-written signature’s time is slowly but surely coming to an end. “Ink signatures have been a part of human culture for aeons and, for their time, they had their place. But with today’s technology, there is no reason for us to hang on to something that, for all intents and purposes, is about as dependable as a fake Facebook profile.”

Ink signature snags

Van der Merwe points out the biggest problem with hand-written signatures is that they can easily be forged. “There are a number of ways in which digital signatures trump hand-written ones, but the most significant and compelling feature of digital above ink is that of security.

“Digital signatures use a cryptographic operation that creates a hash-code, which is unique to both the signer and the content. It cannot be copied, forged or tampered with. The whole process provides irrefutable proof of the signer’s identity, protects the data integrity of the document and provides non-repudiation of signed documents.”

Apart from ink signatures being prone to forgery, a general attitude of inattentiveness has crept in over the years, making them quite literally a joke. This is most applicable when it comes to transaction authorisation.

“When last did you notice a waiter or retail clerk checking the signature you pen on the receipt? And do you always sign legibly and consistently?” asks Van der Merwe.

As far back as 2001, Internet humourist John Hargrave experimented with this notion in a credit card prank in which he forged outlandish signatures on receipts. He reportedly signed receipts with, among others, “Mariah Carey”, “Beethoven” and “I stole this card”. Hargrave even signed in hieroglyphics. None of the merchants noticed. (Hargrave recounts his famous Credit Card Prank in his 2007 book, Prank the Monkey)

‘Sign here’ has been replaced with ‘Click here’

Former US president Bill Clinton lent credence to the solidity of signing digitally in 2000, when he signed the first US bill into law electronically.

Renowned Amercian business magazine, Forbes, begins its article on Clinton’s watershed signing with the line, “‘Sign here’ has just been replaced with ‘click here’.”

Another turning point in the life of the digital signature took place earlier this year, in July, when the European Union effected new guidelines for electronic signatures, giving them the same legal power as hand-written signatures.

“The benefits of employing digital business processes far outweigh the paper-reliant processes of days gone by and it’s only a matter of time before digital signatures take over from their expiring ink-on-paper counterparts,” says Van der Merwe.

Not only are digital signatures undeniably more secure and unable to be forged, he concludes, they are legally sound. “Importantly, they also create a digital audit trail and they don’t rely on filing, printing, scanning or back-and-forth emailing – paper-based processes that cost companies profoundly, in terms of both time and money.”

REFERENCES

SignFlow

The Verge

New Republic

Forbes

Credit vetting – an essential key to SME success

credit-vet

For SMEs, sound risk management via credit vetting is not only advisable, it is absolutely essential.

Wasting precious time and resources chasing down debtors for money is not only undesirable for any business, it can be downright destructive. The good news is, there is a way to avoid this – and it is inexpensive and painless. Two words: credit check.

If you are in business, you will know that cash flow is king. This is especially true in the in the small to medium enterprise (SME) environment, where finances are particularly tight. Clients that default on payments can – and inevitably do – seriously jeapordise the success of your company.

A foolproof way to protect your business – and ultimately boost its financial fitness – is through consistent credit vetting.

Credit vetting is simply the process of affirming the credit worthiness of customers in terms of financials. Checking the credit status of your clients greatly minimises uncertainty around whether your invoices will be paid, as it provides an overview of their credit rating and reveals whether there are any judgements against them, or whether they have defaulted on payments in the past.

Simple step towards success

According to Leon van der Merwe, senior business development manager at customer communications firm PBSA, the percentage of small simply overlooking this critical process is staggering.

“Simply taking the steps to check the credit status of companies and directors before doing business with them is straightforward, very affordable and it could make all the difference.”

A detailed credit application document with the correct capture information, credit vetting consent and related terms of agreement will protect the financial wellbeing of your organisation, he adds.

All of this can be easily accessed via pbVerify, a PBSA product that offers a user-friendly online credit vetting service. Specifically for small to medium sized businesses, pbVerify is connected to all major credit bureaux and credit data providers and is credible and accurate.

“Neglecting this crucial step towards managing a successful business can cost you profoundly. Having an overview of the credit worthiness of potential customers, on the other hand, will help you make better decisions, in turn saving you time, trouble and money,” concludes Van der Merwe.

For a comprehensive view of all pbVerify’s vetting solutions, please visit www.pbverify.co.za