International firm opens office in Horsham

Featured

Published by West Sussex County Times on 15 November 2019

SigniFlow Directors AGS 2019

After opening their first UK office in Horsham on September 1, SigniFlow, celebrated in style this week, by holding their official launch event at the South Lodge Hotel.

With SigniFlow top management flying in from South Africa, Australia and the United States to attend, there was no doubt as to the significance of the UK launch for this international company.

South African director, Leon Van Der Merwe, was quick to commend the warm reception the team received from the Horsham business community, before asserting that ‘modern businesses had to move forward with technology in order to survive in the modern world’.

Attended by many of SigniFlow’s existing Sussex customers, along with local businesses keen to modernize their procedures and increase productivity, the launch event was abuzz with talk of digital innovation. SigniFlow, which has its roots in South Africa, rapidly reduces the costs, time and money spent on processing, managing and physically signing paper documents, through the use of unique, legally approved cryptographic digital signatures.

“Located in the heart of Sussex, with the county being widely recognised as being a hub for technology and digital advancement, Horsham is the perfect fit for us,” said Greig Orrell, Director of GB and EU Sales and Business Development. “Our worldwide ethos is to support our local and regional communities and our Horsham team will be expanding in the months to come. This is the first of many satellite offices, and we look forward to seeing our team continue to develop and grow accordingly, as they have across the world.”

Already benefiting from SigniFlow’s next generation E-Signer and Document Management technology, Anthony Neal from Maylark Property Management, was keen to talk about how the solution had already worked for their business, just months after deployment. “This unique system has saved us a huge amount of time and its ability to track, file and document our workflows is impressive. All signature requiring documents can now be emailed, and our clients are able to securely and digitally sign the paperwork without the need for an appointment. And, we can access this web-based service from all of our phones, iPad or PCs, so we can respond and sign paperwork whilst out of the office too.”

Recently lauded as being one of the most revolutionary women in IT security, SigniFlow Americas CEO Laila Robak – who is also head of SigniFlow’s cyber security development – is a firm believer in the “better safe than sorry” approach when it comes to the security of companies’ data. And for businesses that do have cyber security as one of their primary concerns, SigniFlow has you covered, with solutions that have been developed by some of the greatest minds in the information technology arena.

For more information and a free trial of the SigniFlow solution, please contact Greig Orrell on 07395 650738, email uk@signiflow.com , or visit http://www.signiflow.co.uk.

New fintech partnership to escalate RapidLEI growth in South Africa

Featured

Innovative new partnership sees LEIs encapsulated in digital signing applications.

South Africa-based customer communications company, PBSA, and UK-based Legal Entity Identifier (LEI) innovator, RapidLEI, today announced a strategic partnership that will see PBSA become a regional Registration Agent (RA) for RapidLEI as well as build LEI support into its signing solutions.

RapidLEI was launched in 2018 by Ubisecure and has been taking the world by storm through a growing network of global partners, with PBSA representing the next stage in this continued expansion. RapidLEI’s pioneering automatic LEI issuance process sees it reduced from a few days to a few minutes. With regulation mandating the use of LEIs and new use cases now benefitting from the identity assurance LEIs can offer, this G20-endorsed organisation identifier is already achieving mass adoption and shows no sign of slowing down.

PBSA, as a RapidLEI Registration Agent, will meet client demand for LEIs in South Africa, as well as offering LEIs in other regions they are expanding to, such as Europe and the USA, via their SigniFlow brand.

The RapidLEI solution makes LEIs available through a SaaS service or API. The API allows third party developers to build same-session LEI issuance into their applications, which will be used to its full extent by PBSA in the first stage of this collaboration. While strong identities like BankID & eID are beginning to be used to digitally sign documents, this new partnership adds organisational identity to the digital seal in the form of an LEI. Encapsulating the LEI in the company seal gives the other party the opportunity to check identities against a live global company database – verifying which company signed this document, and also their parent company/group structure.

After this initial phase of the partnership, PBSA and Ubisecure plan to collaborate further on additional pioneering identity assurance solutions. Ubisecure will be launching new services in the coming weeks, where LEIs are central to new organisation Identity Provider (IdP) solutions for advanced KYC (Know your Customer) and RtX (Right to Represent). These cutting-edge services will help enterprises to reduce fraud, lower compliance costs and create new products using verified organisation identities.

Leon Van Der Merwe, Director at PBSA, says “We’re very excited to bring Ubisecure’s pioneering approach to digital identity to the South African market and beyond, and have our global customers benefit from strong organisation identities offered by our signing solutions. Our long-held ideals of collaboration, integrity and accountability go hand in hand with what the LEI stands for – trust in who you’re doing business with.”

Paul Tourret, Corporate Development Officer at RapidLEI, says “We are incredibly honoured to be collaborating with the largest South African signing/workflow provider to connect the LEI ecosystem to the signing ecosystem, and we see a lot of potential to further enhance online trust with LEIs and the Ubisecure IdP services as we connect the various ecosystems together. We see this collaboration being the start of a dramatic shift in how LEIs are used in modern digital transactions.”

Find out more about LEIs at www.rapidlei.com, or get in touch now.

About PBSA

With a rich history of innovation dating back over 90 years, PBSA (formerly Pitney Bowes SA) is a leading customer communications company, offering software, equipment and services to help companies improve operational efficiencies and connect with their customers in more meaningful ways.

Based in Midrand, Gauteng, PBSA understands both hardware and software solutions and is optimally positioned to provide a secure, committed support infrastructure to its international customer base. The company’s solutions help companies engage customers, gain business insight, manage document workflow and ultimately optimise overall business performance.

Visit www.pbsa.co.za to learn more.

PBSA LEI: 984500S5591EMD8BCB56

About SigniFlow

Created in South Africa by a team of passionate Johannesburg-based IT minds, SigniFlow is a core workflow, digital document management and cryptographic digital signature engine that works, either on its own, or fully integrated with existing core business systems.

SigniFlow uses the most advanced and trusted digital signature technologies known to man, enabling powerful workflow functionality and ease of document distribution to automate any business process.

SigniFlow has a team of cryptographic experts, experienced engineers and business process automation architects to assist businesses in their digitalisation journey.

About Ubisecure & RapidLEI

Ubisecure is accredited by the Global Legal Entity Identifier Foundation (GLEIF) to issue Legal Entity Identifiers (LEI). RapidLEI is a Ubisecure service that automates the LEI lifecycle to deliver LEIs quickly and easily. As well as pioneering LEI automation, the company is a technology innovator and provides identity management software and cloud identity services that enable enterprises and governments to enhance customer experience, security and privacy through support for strong identities and management of customer identity data. Ubisecure also provides solutions to companies maintaining their own strong customer identities (such as banks and mobile network operators) to become Identity Providers (IdP) for strong authentication and federation services.

For more information please visit www.rapidlei.com or www.ubisecure.com

Ubisecure LEI: 529900T8BM49AURSDO55

Data protection D-day is here – SA companies take heed

Featured

gdrpGDPR is here, and for organisations that deal with any personal information relating to EU member states, non-compliance will be ruinous.

The countdown has ended. D-day for enforcement of the European Union’s (EU) General Data Protection Regulation (GDPR) is here.

As of today, 25 May 2018, penalties will begin rolling in for organisations that have not yet taken the necessary steps to ensure they are compliant with this restructured – and considerably more stringent – set of data protection regulations.

The GDPR is a regulation borne out of the European Parliament, Council of the European Union and European Commission’s joint intent to strengthen and unify data protection for EU citizens.

But just because the GDPR is an EU regulation, South African organisations are by no means off the hook. On the contrary, experts warn, local companies need to take the GDPR – positioned as one of the most significant changes in data privacy regulation in 20 years – very seriously.

The inescapable fact is, any South African company that handles personal data connected to the EU has to comply with the GDPR, and failure to do so will be met with the same major consequences EU organisations face for non-compliance.

Far-reaching forces

Over recent decades, not only has personal data has become an increasingly important corporate asset that needs to be handled with extreme care, it has also become geographically agnostic. This means that, today more than ever, with the exponential growth of data propagated across borders, organisations globally need to take a staunch and unified approach to guarding it.

South African organisations, big or small, are no different – and the GDPR is not the only government-led product of this hugely digital age, nor will it be the last, it is merely the latest one to be enforced.

Leilani Smit, compliance professional at Smit Compliance (Pty) Ltd, notes that the GDPR applies to any local organisation that holds or processes data on EU citizens, regardless of the location of its head office. “This includes companies that have employees in the EU, sell or market products or services in the EU, or partner with EU organisations.”

Leon van der Merwe, head of digital at customer communication firm PBSA and director of local digital signature and workflow solution SignFlow, adds that any South African entity controlling or processing data relating to EU citizens is affected by the GDPR. “Controlling refers to any organisation that states why and how data is processed, while a processor is any party doing the actual processing of the data, whether based in the EU, or not.”

World Wide Worx MD, Arthur Goldstuck, says the effects of the GDPR will be far-reaching due to the fact that the EU is SA’s biggest trade partner. “[On top of this], any company that does business with a company that has to comply with GDPR, will also have to comply, to ensure the client is in compliance.”

GDPR vs POPI

Fortunately for SA, details around the country’s own local version of data protection policy – the Protection of Personal Information (POPI) Act – have been highly publicised since 2013, and many companies will already be familiar – some even largely compliant – with what is expected of them in terms of data protection.

Summing up SA’s POPI Act, Michalson’s says: “Essentially, the purpose of [POPI] is to protect people from harm by protecting their personal information. To stop their money being stolen, to stop their identity being stolen, and generally to protect their privacy, which is a fundamental human right.”

Although – unlike the GDPR – it is still not known when POPI will come into effect, what is known is that companies will have a one-year transitional phase in which to comply once POPI’s implementation date is made public.

Smit says, should a local company already be compliant with international legislation such as GDPR, the implementation of policies to comply with POPI “should be a breeze and not require anything other than normal company practices and procedures”.

Van der Merwe says POPI and GDPR are similar in that both are intended to strengthen the protection of individuals’ personal information and privacy, and it is precisely this element – intention – that is key here, says Goldstuck.

The high price of non-compliance

Another area in which both sets of rules are similar, is in the hefty fines that come with non-compliance.

In a nutshell: breach rules laid out in the POPI Act, and face a R10 million fine and/or a jail sentence; fail to comply with the GDPR’s regulations, and be prepared to be slapped with a fine of up to €20 million (about R290 million) – or 4% of annual sales (whichever is greater).

Smit comments: “In South African terms, POPI already poses strict penalties for non-compliance, however as far as our Rand stretches, the GDPR’s penalties will definitely cause sleepless nights.”

Although possibly the biggest concern for companies, Smit notes that financial implications are not the only implications they should be worried about. “Not only can non-compliance result in fines and penalties set by the legislation itself, but [the] reputational damage of not processing information correctly, can often be more damaging that the initial penalty itself.”

It is this high price of non-compliance IT and legal experts hope will drive South African companies to do the right thing – not only for themselves, but ultimately for their customers – and fervently strive to meet GDPR compliance criteria.

Consumer-centric control

Van der Merwe says it is all about the consumer. “Both GDPR and POPI were ultimately created to protect the consumer’s privacy. We are all someone’s consumer, and even small businesses owners need to think carefully and logically about areas in their business where personal information is processed or stored, and what vulnerabilities may exist in their processes.

“For instance, we all receive CVs that contain heaps of personal and even sensitive information. Often, after a host of interviews, only the person’s CV that is employed, is securely transferred to a digital or physical vault in HR. What happens to the rest of the CVs that did not make it? It is the responsibility of any business to have policies and procedures to timeously and responsibly destroy such information. Simply identifying these vulnerabilities and implementing logical measures to manage them, is a good start for any size business.

“GDPR is a good thing that could be very bad news for companies, if they fail to provide evidentiary and auditable processes and adequate IT security to protect personal data.”

Goldstuck adds that it is not only important, but essential, that South African companies have a global view on data protection. “Something as simple as having a website hosted on an international platform can make a company liable to sanction under GDPR.”

Teaming up with tech

When it comes to local companies complying with the seemingly daunting and complicated GDPR in a relatively pain-free way, experts agree technology will be key. Software systems that offer automation, content management, enterprise resource planning and accounting, among others, will become a lifeline for many companies in their quest to comply.

Van der Merwe says existing paper-based processes and antiquated electronic systems that were created prior to factors such as the GDPR and POPI, pose major risks of contravening their laws and directives. “It is all about how businesses – and governments themselves – are going to align their physical and data processing practices with the new requirements and legislation. New regulations that enforce concepts such as the right to be forgotten pose major challenges if not considered in the process from the outset.”

Goldstuck says, while the data protection laws necessitate considerable changes in the ways businesses operate and interact with customers, good compliance systems will provide most of the safeguards they need.

“Businesses will have to get permission for almost every interaction with customers, they will have to become more discerning in what information they require from customers, and they will have to institute strict compliance systems to ensure they do not fall foul of these laws. As a result, compliance officers, CIOs and CTOs will have more direct roles to play in customer strategy.”

Don’t delay

Although not yet enforceable, the commencement date for POPI has been looming large on the horizon for some time now, with many expecting it by the end of 2018.

Despite this, say experts, many organisations are far from being ready. Goldstuck says: “Most large businesses have geared themselves up to comply with POPI, although many have not put this gearing up into effect. However, there is also an impression that many companies are simply not bothering until they are forced.”

Forrester’s 2018 predictions indicate that a whopping 80% of firms will not comply with GDPR regulations by May this year.

This has to change – and fast – says Smit. “Businesses can no longer just take a backseat and hope this will pass by or fly over.  Active steps will have to be taken in an organisation, for instance staff training, risk assessments and creating an ethical culture within an organisation, specifically with regards to processing personal information.”

 

 

[REFERENCES]

  1. EUR-Lex – Access to European Law
  2. org – Web learning resources for the EU General Data Protection Regulation
  3. Government Gazette (justice.gov.za) – Act No. 4 of 2013: Protection of Personal Information Act, 2013
  4. Michalson’s – POPI Act Summary in Plain Language
  5. Forrester – Predictions 2018: A Year of Reckoning

Data protection: SA companies need to take a global stance

Featured

how-to-comply-with-the-data-protection-act-457501399With the implementation of the EU’s data protection laws just around the corner, local entities need to study up on how it could affect them.

D-day for implementation of the European Union’s (EU) General Data Protection Regulation (GDPR) is just three months away – and South African organisations are by no means off the hook.

If you are a South African entity that handles individuals’ personal data, you will be acutely aware of our country’s data protection law – the Protection of Personal Information (POPI) Act – but have you considered how the looming GDPR affects the way you manage clients’ personal information?

The fact of the matter is, if you are a locally-based business that offers goods or services to EU customers, you also deal with personal information or data relating to EU citizens’ – and you are just as responsible for complying with the GDPR as any EU business.

Leon van der Merwe, head of digital at customer communication firm PBSA, points out that any entity controlling or processing data relating to EU citizens is affected by the GDPR. “Controlling refers to any organisation that states why and how data is processed, while a processor is any party doing the actual processing of the data, whether based in the EU, or not.”

GDPR vs POPI

Van der Merwe says it is crucially important for local companies with dealings abroad to do their homework and familiarise themselves with the GDPR’s ground rules. “Companies could be fined heavily under GDPR regulations if they fail to provide evidentiary and auditable processes, as well as adequate IT security, to protect personal data.”

The GDPR is a regulation borne out of the European Parliament, Council of the European Union and European Commission’s joint intent to strengthen and unify data protection EU citizens.

Non-compliance with the GDPR comes with a hefty fine of up to €20 million (about R290 million) – or 4% of annual sales.

Similar to SA’s POPI Act, the GDPR is all about data protection. Data includes things like a person’s name, email address and phone number, as well as information collected by website cookies like internet browsing habits.

Breaching rules laid out in the POPI Act comes with a R10 million fine and/or a jail sentence.

Van der Merwe summarises the parallels between the two data-protection directives: “POPI and GDPR are similar, in that they both aim to strengthen the protection of personal information. They differ in their approach, in that the GDPR takes a wider, more global perspective that includes anyone, anywhere either controlling or processing – or both – data relating to EU citizens.”

Auditable business processes

A big part of compliance, when it comes to both the POPI Act and the GDPR, specifically involves audit trails – something PBSA’s digital signature and workflow product, SignFlow, is heavily centred on.

For evidentiary purposes and in order for any company to assert GDPR compliance, the automated management of an audit trail is imperative.

Van der Merwe says SignFlow is can assist customers in their strategy to automate and digitise processes in a responsible and compliant manner. “Business Process Automation is at the forefront of our technology development at SignFlow, including tools like DocFlow, CaseFlow and our digital customer on-boarding tools.”

At the core of SignFlow, he says, is Public Key Infrastructure (PKI). “PKI manages users’ private keys, and signs and secures documents using Public Key Cryptography. Not only does this make documents tamper-evident after they’ve been signed, but the entire operation is conducted in a secure network over encrypted secure socket layers between the public, personal devices and private servers.”

Unlike paper files and systems managing email attachments, this portal fully controls and audits the workflow and communication channels between interacting parties. “This greatly reduces the risk of data leaks,” says van der Merwe.

“The system enhances non-repudiation, creating a digital trail of undeniable events that prove intent and identity.”

With GDPR set to come into effect on 25 May 2018, and the high stakes attached to non-compliance, South African companies simply cannot afford not to take a global view on data protection. “The protection of personal information goes far beyond just the POPI Act for local companies dealing with international customers,” says van der Merwe.

 

[REFERENCES]

  1. Digiday – For the GDPR-curious: WTF is the Article 29 Working Party?
  2. The Digiday Guide to GDPR (PDF)
  3. The Sun – What is GDPR, what does it stand for, when is the deadline in 2018 and how can you check if a business is compliant?
  4. Michalsons – What does the GDPR mean for the POPI Act?
    POPI commencement date or POPI effective date starts the clock
  5. Wikipedia – General Data Protection Regulation
  6. IOL – Protection of Personal Information Act soon to become a reality
  7. ITWeb – Unpacking the POPI Act: The ins and outs of protecting personal information

SignFlow ties up with Accfin to digitise accounting processes

Featured

The integration of two state-of-the-art software platforms transports the accounting profession into a new world of digitisation.

Digital signature workflow solution SignFlow and accounting software firm Accfin have integrated their respective software platforms, in a move that places the accounting profession securely in a new and exciting world of digitisation.

Accfin, a local software firm leading the way in automation of back-office systems for accounting and auditing companies, grew out of an accounting firm over 20 years ago. The recent tie-up with SignFlow – a locally developed and internationally recognised digital signature solution – essentially automates the entire communication process involved in the accounting practice.

Leon van der Merwe, head of digital at SignFlow parent company PBSA, explains, “By using the SignFlow feature in Accfin software, you eliminate the need for print, courier and e-mailing of sensitive documents to customers – and then having to wait days, even weeks for a response.

“SignFlow is built on a powerful, digital workflow engine that tracks progress and instils accountability and auditability. Apart from the obvious environmental advantages the solution offers, the value of saving time through increased efficiency, is most valuable to accountants, who work under tremendous time pressure.”

Accfin MD Mark Silberman says the integration with SignFlow “changes the state of play” in the accounting market place. “It automates the communication process. Our software allows accounting firms to communicate with their clients. The integration of SignFlow with [Accfin’s] Sky Software allows the customers of the accountant to authorise the filing of tax returns and approve company resolutions.”

Accfin, which strives to provide state-of-the-art back office systems to South African accounting firms, currently provides automation software across the sector – from large international firms, to small sole practitioners.

Van der Merwe says SignFlow is proud to be associated with Accfin Software – a company that is “definitely leading the way in automating back office systems for accounting and auditing firms”.

“SignFlow is fast becoming the most trusted digital signature workflow solution in South Africa, especially within the auditing and financial sectors,” concludes Van der Merwe.

Draftworx, SignFlow integration yields SA first

Featured

A recent partnership between the two software platforms brings a cutting-edge automation solution to the accounting and auditing industry.

In a move that has seen the birth of cutting-edge technology – the first of its kind in South Africa – SignFlow has partnered with Draftworx, addressing a critical need identified among auditors and corporate companies that draft financial statements.

Draftworx provides automated drafting and working paper financial software to more than 2 500 accounting and auditing firms. The company went to market six and a half years ago, bringing the industry easy-to-learn and easy-to-use automation software, which allows  accountants and auditors to generate International Financial Reporting Standards  (IFRS)/IFRS SME compliant financial statements and ISA audit, review, and compilation engagement compliance.

According to Leon van der Merwe, head of digital at SignFlow parent company PBSA, the integration between the two software platforms came about when a massive need among auditors and corporates that prepare their own financial statements was identified – that of automating and digitising the process of getting financial statements and engagement documents signed off by company directors.

“Auditors can now automate and digitise their document delivery processes using the DigiSign module in the Draftworx platform to distribute documents electronically for customers to sign, using legally binding SignFlow digital signatures. The distribution and signing process is completely digital and auditable, entirely removing the need to print, scan and deliver paper-based financial statements and engagement contracts.”

Draftworx CEO Earl Steyn says the company, which aims to be in the cloud by year-end, sees SignFlow becoming one of its core technologies and marketing advantages. “Accountants and auditors can reduce time wastage – as well as waiting periods – by having their clients sign all their documentation offsite and at their leisure.”

Steyn adds his experience with SignFlow – a locally developed and internationally recognised digital signature and workflow solution – has been “phenomenal”. He says the team pays attention to detail and is willing to customise SignFlow to Draftworx and its clients’ requirements.

Van der Merwe says the SignFlow team is proud to be associated with Draftworx software, “which is leading the way in IFRS/IFRS SME compliant financial statements and ISA audit software in South Africa and across Africa”.

ACS partnership bolsters digital certificate security

Featured

SignFlow has teamed up with Altech Card Solutions to offer Thales hardware security modules to its digital signature customers.

In a move that will see users’ private keys and personal digital certificates receiving a serious security boost, SignFlow has partnered with Altech Card Solutions (ACS), a division of Altron TMT, to offer Thales HSMs (hardware security modules) to digital signature customers.

Using SignFlow’s PKCS#11 cryptographic interface, SignFlow uses Thales NShield Connect HSMs to perform highly specialised cryptographic operations, and to fully manage and secure private keys and personal digital certificates.

Head of digital at SignFlow’s parent company PBSA, Leon can der Merwe, says the partnership with ACS sees SignFlow extending its integration reach to include the Thales NShield range of network attached, FIPS 140-2 Level 3 HSMs.

“Apart from deploying the NShield devices in the highly-secure SignFlow Cloud, we now also offer the NShield range to corporate customers who would like to localise and manage their SignFlow private keys in private data centres.”

The SignFlow HSMs are directly integrated with multiple local and global CA’s (Certificate Authorities) to offer stringent, legally compliant Advanced Electronic Signatures (AES), Qualified Electronic Signatures (QES) and Adobe Approved Trust List (AATL) certificates, which are applied to documents through its digital signature application.

A division of Altron TMT (Pty) Ltd, ACS was formed in 1993 and is today firmly established as a leading player in the secure electronic transactions market.

It is Thales’ established track record in the payments security space and global footprint in hardware and software encryption solutions that makes this partnership so advantageous, says ACS.

SignFlow, an enterprise-class digital signature and document workflow application, was born in a digital era that has seen new business opportunities emerging as paper-based systems are replaced by digital platforms.

SignFlow digital signatures are powered by robust public-key infrastructure (PKI) technology, which is recognised as best practice for ensuring digital accountability. SignFlow digital signatures offer an effective, secure and legally compliant method of providing accountability during electronic transactions.

“Our partnership with ACS will benefit customers across the spectrum – including consumers using SignFlow’s SignFREE to sign documents, businesses using the SignFlow Cloud to distribute documents and government and corporate institutions using SignFlow’s Enterprise Hybrid Servers and Private Network Servers to digitally sign and workflow documents for sign-offs,” says Van der Merwe.