Welcome

La Meer Inc. is a Silicon Valley CA based organization that offers the GRACE Suite of web based solutions for Operational Risk, Compliance Management, Client Compliance, Client Management, IT Risk, Vendor Risk and Operational due diligence.

Get In Touch

Email: info@lameerinc.com
Phone: +1(408) 740 7205
Address: 111 W. Saint John Street, Suite 430 San Jose, CA 95113, USA

Address GDPR, California Consumer Privacy Act, Canadian PIPEDA and Other Data Privacy Regulations with GRACE
Ensure the processes for data privacy and protection are comprehensively followed, whether within your organization or with vendors
CyberSecurity - Biggest Risk Plaguing Financial Markets

IT systems have become the backbone of all operations in companies and hold the repository of all critical information about customers, including their names, addresses, SSNs, phone numbers, emails, bank accounts, etc.

A single hack into these systems can give bad actors access to this critical information, which can then be blatantly misused. Outsourcing of processing, client information spread across multiple systems, lack of protection, and misuse of client information for targeted marketing and other activities have taken control of client information away from the clients and put it in the hands of organizations that could sell the information without the client's consent.

Holding personal information on such a large scale has created huge vulnerabilities to cyber attacks and compromise of critical client information.

Client Data Protection - Top Of Regulator's Mind

Regulators have responded by defining rules and examination priorities that treat cyber security and the privacy and protection of client data as their highest priority. Regulations like GDPR, California Privacy Act, Canadian PIPEDA, Cayman Privacy Act and others define large fines for violations to ensure that businesses are obligated to protect client information.

Regulators expect organizations to keep track of all client data, whether it is held within the organization or with outsourced entities, and to ensure this data is protected against security violations and misuse. They also expect you to obtain the client's consent and establish the lawful basis for the collection and use of the data.

Regulators expect you to build a central repository of the client information that is being managed across the organization, identify the security management in place, and ensure that client consent for the use of that information is being obtained.

GRACE Can Help You Track And Manage

GRACE IT Risk Management has been specifically built to help you address the GDPR and California Consumer Privacy Act requirements. Other data privacy regulations that are passed in the future are likely to have similar provisions.

GRACE helps you set up policies and procedures for managing your IT systems and processes. GRACE helps you collect information on client data and on the processes in place in IT systems for client consent, lawful use of data, data security, and how the “Right to be Forgotten” is being addressed. GRACE helps you gather information on data processor / vendor security management processes through surveys and forms, automatically risk score the findings, identify risks of non-compliance, and manage their mitigation.

GRACE can help you keep track of breach information, conduct incident management and reporting to authorities, and help prevent future incidents.

GRACE Modules to Address GDPR, CCPA, Canadian PIPEDA and Other Data Privacy Regulations
Protect your client data comprehensively whether it is within your organization or with vendors

California Consumer Privacy Act (CCPA) Expectations

The California Consumer Privacy Act (CCPA) was unanimously passed by California lawmakers and signed into law by the Governor on June 28th, 2018, and has to be implemented by all organizations that provide services to California consumers by Jan 1, 2020.

It gives California consumers unprecedented personal data protections and possibly sets the tone for similar legislation in other states.

It offers new and wide ranging privacy rights for California residents, including a right to be informed about personal data collected by a business and rights to access and delete that information, a right to prevent personal information from being sold to third parties, and a right to data portability. The law applies to all businesses that collect or use this personal information, not just those companies in California. The California Attorney General may bring actions for civil penalties of up to $7,500 per violation and there is a limited private right of action for individual victims of data breaches for penalties ranging between $100-750 per violation.

Companies are mandated to develop and implement data policies, procedures and data governance processes to address:

  • The Right to Know, through a general privacy policy and with more specifics available upon request.
  • What personal information a business has collected about them, where it was sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold
  • The Right to “opt out” of allowing a business to sell their personal information to third parties (or, for consumers who are under 16 years old, the right not to have their personal information sold absent their, or their parent’s, opt-in)
  • The Right to have a business delete their personal information, with some exceptions
  • The Right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act.


GDPR Expectations

The European Union’s General Data Protection Regulation (GDPR) comes into force on May 25, 2018 and is one of the most significant overhauls of data protection laws in a generation. It applies to organizations worldwide that offer goods or services to individuals in the EU, and the penalties for non-compliance are severe.

Article 5 of the GDPR sets out seven key principles which lie at the heart of the general data protection regime:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The financial penalties for failing to comply with the GDPR are clearly defined: for each instance of noncompliance, up to 20 million Euros or 4% of worldwide annual turnover (revenue), whichever is higher.

Companies are mandated to develop and implement data governance, protection and privacy of client information, including where data is managed by outsourced third parties. All breaches have to be reported to the regulators within 72 hours.


GRACE Modules to Address GDPR, CCPA and Other Data Privacy Regulations
Protect your client data comprehensively whether it is within your organization or with vendors

Manage IT Policies and Procedures

GRACE helps you create comprehensive policies and procedures for IT risk identification and management for all the lines of business of the organization.

Manage detailed reviews and comments by all related departments including legal, compliance, client management and other groups on how client management is gathered and being managed.

Ensure all comments are incorporated and release the policy or procedure.

IT Inventory Management

GRACE helps you build the repository of all your IT assets, including infrastructure and application systems, their location, the client data they store, the security on that data, the users who have access to it, and the processes in place for security management. The inventory would also include systems that are managed by outsourced vendors.

Standardized questionnaires and surveys can be created to keep this data updated.

Roles and responsibilities for managing the data can also be assigned.

 

Manage Vendors / Conduct Third Party Risk Management

GRACE helps you create and manage your vendor database of vendor locations, contact persons, SLAs and contract documents. You can conduct vendor due diligence and risk assessments to identify security management risks in their processes, and manage and monitor their mitigation.

A Vendor Risk Profile can be generated based on the number of risks seen, so the organization can take early corrective action. A periodic monitoring calendar, follow-up items and recording of findings identify issues early and show trends.

The Vendor Dashboard helps you monitor issues and risks and view trends.

Conduct IT Risk Assessments

GRACE can help you set up and use standardized checklists for periodic IT risk assessments within the organization as well as within vendor organizations. You can set up calendars for assessments and receive alerts. You can send out risk assessment questionnaires online and use a survey-like function to collect information from within the organization as well as from vendors.

On-site inspections can also be conducted using the risk questionnaires. Findings from risk assessments allow organizations to identify risks, classify them, score them and manage their mitigation by assigning responsibilities. Findings from risk assessments could also refine policies and procedures and lead to enhanced training, re-attestation and other processes as mitigation.

The Risk Assessment dashboard can help track the status of assessments, findings and mitigation tasks.

Incident Management

Forms are available for Online reporting of Incidents as soon as they happen. This enables the organization to react quickly to any breaches and other incidents and contain the damage.

Incident management includes various tasks that have to be undertaken to notify various entities, assess the damage and take quick corrective action for client management. Incident reporting to authorities is also part of the process.

GRACE provides functions for status reporting and monitoring of various tasks needed for incident management to bring it to closure.

The Incident Dashboard is a powerful tool to see the frequency and severity of incidents, understand your vulnerabilities across internal systems and vendor systems, and prevent future occurrences.

Client Consent Management

All systems that process client information should have consent from the client for the legal purpose of using the data, as well as their consent to share the data with other third parties where needed.

Clients also have the right to request to be forgotten. Organizations have to provide functions for the client data to be removed from all of their systems on such requests.

Tracking of consent as well as of these requests is an important part of the requirements of GDPR. Data from the systems and the vendors can be gathered on GRACE to monitor the status of client consent management.

Conduct On-line Attestation

Ensure that all staff are sent the latest IT management policy / procedures to read and attest online. This ensures that the latest procedures for IT security are well understood by staff. Periodic attestation can help remind staff of the correct procedures for IT management.

GRACE can set up attestation templates, as well as attestation calendars for staff or groups of staff. Emails alert them about the attestation, and reminders can be sent.

The Attestation dashboard allows the organization to see how many people are pending attestation and ensure all of them go through the attestation process.

My Portal

My Portal provides a list of all the actionable items that are due from you, including requests for action, risk assessment questionnaires, requests for review, tasks, etc. It shows you the calendar of all your activities and leads you to action functions where each activity can be undertaken. GRACE also provides forms for reporting risk status, task status and project status for incident management. GRACE also allows you to do your attestations online as well as record your training.

Dashboards

GRACE offers multiple dashboards that are specialized for each area, including the Policy and Procedure Dashboard, Risk Assessment Dashboard, IT Risk Dashboard, Incident Dashboard, Attestation Dashboard, Training Dashboard, etc. Access rights can be turned on or off for each of the dashboards.

Each dashboard presents the overall information, charts, trends, reports and queries, and allows slice and dice and deep drill-down on all information gathered and on status of approval. Issues, risk and mitigation management and trends, with graphics and reports, enable action to be taken. Reports can be queried by user-defined criteria, printed and exported to Excel / PDF formats.

The Great Value You Get from Using GRACE IT Risk Management
Manage your Data Privacy and IT Risk management comprehensively

Keeps track of your infrastructure

Keeps track of your IT Infrastructure and the cybersecurity protection in place for your client data

Ensure Policies are being followed

Ensures IT Policies and Procedures are in place and your staff knows about the procedures to be followed

Manage the risks with your Outsourced Vendors

Keeps track of your outsourced vendors to ensure that they have cybersecurity protections in place for your data

Identify Vulnerabilities Early

Helps you conduct periodic risk assessments to ensure Privacy of Customer Information and identify vulnerabilities early

Ensure Security, Business Continuity / Disaster Recovery processes

Helps ensure Business Continuity / Disaster Recovery processes within and across your vendors so you are not left vulnerable

Manage Incidents as soon as they happen

Helps you track and manage incidents to take corrective action and prevent future events

Easy integration

Integrates easily with tools to help you manage your infrastructure safely

Helps you manage your Regulatory Examination

Helps you manage books and records for regulatory examinations

Risk Management becomes online and real time

Integrated web-based access anytime, anywhere means risks can be addressed as quickly as they happen, reducing the costs of mitigation.

Regulatory examinations can be handled with confidence

Centralized and visible risk management processes mean regulatory examinations can be handled with confidence.

Organization Ownership of Data

Organizations suffer when key risk and compliance staff leave. Information that is maintained solely by individuals ends up scattered, lying on disks in various forms. GRACE becomes the single central repository of documents, data and processes, enabling continuity even when key people leave the organization.

Easy to Integrate and Customize

GRACE offers easy integration with organizational source systems to enhance the functionality and extend it at low cost. This is a great benefit for end users, who can bring all the relevant data into a single system through an automated process, allowing them to focus on risk management and compliance instead of data gathering.

Enormous Cost Savings

Delivers enormous cost savings through early mitigation, avoids regulatory fines, legal costs and reputation risks, and empowers the organization in its ability to manage risks.
