Compliance

How can SwipedOn help your business meet regulatory compliance requirements?

GDPR, ITAR, CCPA, CTPAT, FSMA - is your head swimming with all the different acronyms relating to security compliance? Are you feeling a little overwhelmed facing the mammoth task of ensuring your company is addressing all of their compliance requirements?

We’ve got some good news - SwipedOn’s visitor management platform is the perfect tool to support your business on your compliance journey. As an international company working with businesses from a wide range of industries, we are well-equipped to offer the support you need to comply with the following list of common compliance standards via our customizable platform.

Jump to... ITAR, C-TPAT, CCPA, FSMA, GMP, GDPR, APA, NZPA

What is ITAR?

International Traffic in Arms Regulations (ITAR) controls the export and import of any defense-related services, articles and technologies defined under the United States Munitions List (USML).

In short, if a company does business of any kind with the US Military then it must be compliant with ITAR. The flow-on effect of this is that more companies are requiring their supply chain members to be ITAR compliant as well. So if you fall into any of these five categories: Wholesaler, Contractor, Tech/Software Provider, Distributor, or Third-Party Vendor to the US Military then you will be required to comply with ITAR’s rules.

As ITAR’s main purpose is to prevent unauthorized access to data by foreign nationals, your visitor management is an important component in ensuring compliance. It is your responsibility to ensure that sensitive information isn’t accessible to just anyone - SwipedOn is the perfect tool to help you do just that.

SwipedOn helps you to comply with ITAR by:

• Enforcing mandatory registration of all visitors and contractors on arrival. Pre-registration can be enforced if required so you’re always aware ahead of time who will be visiting.
• Enabling you to customize specific check-in questions to ascertain the purpose of the visitor and what type of authorization they will need.
• Capturing every visitor’s digital signature on any type of legal document or NDA that you wish them to comply with whilst visiting your business.
• Printing custom visitor badges with photos, security access and any further detailed information for fast identification and authorization.
• Sending automated notifications either by email or SMS to hosts so they’re aware of visitor’s arrival.
• Allowing you to screen every visitor before approving or denying entry onto the premise.
• Providing access to visitor history and their time-stamped movements in and out of your business for audit or reporting purposes.
• Exporting any data required for insurance or audit-related queries.

What is C-TPAT?

Launched in 2001, the Customs-Trade Partnership Against Terrorism (C-TPAT) is a voluntary partnership program led by the United States Custom and Border Protection Agency (CBP) that aims to strengthen and improve U.S. border security whilst also improving companies’ supply chain processes with respect to protection from terrorism. 

If your company wants to achieve C-TPAT certification you will need a documented process to ensure that your international supply chain is determining and reducing risk.

SwipedOn assists you to implement appropriate security measures required under C-TPAT, such as:

Providing controls to prevent unauthorized entry to facilities.

• Each location’s gatekeepers (security and/or reception) have full visibility of all authorized people - this includes visitors, contractors, suppliers and employees.
• Proof of identification can be captured at sign-in and any other necessary information, creating an audit trail of all entries and exits.
• Administrators can set rules for pre-registration so that visitors are pre-authorized before they arrive with access being denied if they’re not.
• The host is automatically notified of a visitor's name and details via email and/or SMS upon sign-in.
• Administrators can also set rules that require the host to authorize the visitor before entry is approved.

Providing the ability to ensure the positive identification of all employees, visitors and contractors at all points of entry.

• The personally identifiable information that is required on entry to your business is customizable and can include name, organization, email address, phone number, photo, identification type and more.
• On arrival their entry can be denied if their certifications, approvals or qualifications have expired.

Offering a system for employee identification to be in place for positive identification and access control purposes.

• Using our Active Delivery sync to maintain your employee list means that there is always a ‘current’ list of employees and their profile info available in the system to be viewed by the gatekeeper when the respective employee requests entry to a facility.
• Enabling employee photos on sign-in.

Supporting a facility’s policies around issuing visitor, contractor and employee badges - including the ability to have a badge returned field that security/reception could monitor to ensure all badges are returned by the end of the day.

• Ensuring that visitors provide photo identification for documentation purposes upon arrival - this can be captured on entry.
• Offering the ability to print badges which can include info such as name, photo, organization, date and time of visit, and more.
• Sending visitor arrival notifications via email and/or SMS to the host via the app.
• Offering the ability to require an administrator to authorize a visitor for entry before they’re issued with a visitor badge.

Retaining historical records of all entries and exits from facilities so that audit records are available indefinitely and can be exported in a timely manner.

Supporting multiple entry points and data sharing between security guards/reception/concierges via the SwipedOn dashboard so that all gatekeepers can monitor who is in the facility at any given time.

Allowing for the arrival and dissemination of packages by the gatekeepers via the Deliveries add-on.

What is CCPA?

A relatively new Act launched at the beginning of 2020, the California Consumer Protection Act (CCPA) is designed to give consumers greater control over their personal data and the right to know which businesses are using it. The act’s four primary goals are that as a consumer and patron you can be afforded to own, control and secure your own personal information and in doing so hold big corporates accountable.

SwipedOn assists your company to comply with the CCPA by:

• Offering you a full audit trail and reporting functions via our data export option.
• Offering you the ability to add in a clause to your Data Privacy Policy that will ensure anyone signing into your company is giving explicit consent for their information to only be used by your visitor management app and confirming that it will only be processed in accordance with the highest safety and security standards.
• Allowing administrators to anonymize visitor data to ensure that no personal identifiable data is kept for longer than it’s needed, or deleted when requested.

What is FSMA?

Enacted in 2011 by the FDA (Food and Drug Administration), the Food Safety Modernization Act (FSMA) main focus is to make food handling safer in the United States. This protection of the food supply chain process and food-related safety issues includes who has access to food production sites and when. For your business to comply with this act you’re responsible to ensure that visitors or contractors are complying with the safety regulations of your site, whilst also feeling welcomed and safe at the same time.

SwipedOn helps your business comply with the FSMA by:

• Allowing administrators to pre-register all visitors and contractors.
• Documenting responses to Q&A’s for health and safety guidelines - and allowing administrators to deny visitors that don’t meet particular health requirements.
• Ensuring visitors agree to your business Health & Safety policy on arrival and their digital signature is documented/collected.
• Documenting the provision of Personal Protective Equipment (PPE) as required for visitors.
• Printing detailed custom visitor badges for identification and authorization.
• Offering secure cloud storage of your visitor data.
• Offering the ability to easily track and export visitor data for reporting and audit purposes.

What is GMP?

Good Manufacturing Practises (GMP) help ensure a quality product by implementing best practices, which have the force of law, to require manufacturers of food and beverages, cosmetics, pharmaceutical products, dietary supplements, and medical devices to follow certain regulations. The main aim of these regulations are to protect the consumer from purchasing a product which is not effective or even dangerous.

SwipedOn assists your company with meeting GMP requirements by:

• Keeping track of visitors/contractors/employees and their movements.
• Ensuring hazard notice compliance with custom questions that must be answered.
• Assisting with induction management.

What is GDPR?

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy. 

GDPR’s primary purpose is to create one coherent data protection framework across the EU. In doing this, GDPR substantially enhances data protection and privacy rights for persons in the EU, and imposes a comprehensive set of principles and obligations with which organisations operating or offering products and services in the EU must comply.

SwipedOn can help you comply with GDPR by:

• Replacing insecure paper log books with a system where visitor information is kept private.
• Offering you the ability to archive or anonymise visitor or employee data easily with a range of inbuilt tools.
• Processing data on your behalf in a secure way using sub-processors that are covered by the EU/US Privacy Shield.
• Covering your legal privacy requirements with our comprehensive Terms of Service and an EU Data Processing Addendum.

Visit our GDPR page for more information about how SwipedOn can help you with GDPR requirements

What is APA?

The Australian Privacy Act 1988 was introduced to promote and protect the privacy of individuals and to regulate how Australian government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information

How does SwipedOn help you comply with the APA?

• Offering you a full audit trail and robust reporting functions via our data export option if someone should request what information you hold about them.
• Offering you the ability to add in a clause to your Company Visitor Policy that will ensure anyone signing into your company is giving explicit consent for their information to only be used by your visitor management app and confirming that it will only be processed in accordance with the highest safety and security standards.
• Anonymizing visitor data via custom data retention periods to ensure that no personal identifiable data is kept for longer than it’s needed.

What is NZPA?

Updated December 2020, the New Zealand Privacy Act (NZPA) completes a long-anticipated overhaul of New Zealand’s privacy law. In addition to new reporting obligations and notification requirements for privacy breaches, the Act makes several significant changes to New Zealand’s privacy law. Companies that hold information about individuals must be prepared to comply with the new data breach reporting obligations.

How does SwipedOn help you comply with the NZPA?

• Offering you a full audit trail and robust reporting functions via our data export option if someone should request what information you hold about them.
• Offering you the ability to add in a clause to your Company Visitor Policy that will ensure anyone signing into your company is giving explicit consent for their information to only be used by your visitor management app and confirming that it will only be processed in accordance with the highest safety and security standards.
• Anonymizing visitor data via custom data retention periods to ensure that no personal identifiable data is kept for longer than it’s needed.