HighSide’s compliance suite is a secure, end-to-end encrypted, information archiving and eDiscovery platform.

Once activated, it is able to securely capture, archive and make searchable all messages, files and event logs for your HighSide team. 

It is particularly useful to organizations handling regulated data, and organizations with archiving/supervision requirements such as financial institutions and government agencies. It can help these organizations maintain complete records and event logs to avoid regulatory fines and other legal/reputational risks. 

For example, HighSide’s compliance suite helps broker dealers, investment advisors, hedge funds, private equity firms, exchanges, commercial and retail banks, lenders, and insurance agents, meet their content retention and oversight obligations, satisfying FINRA, SEC, IIROC, FCA, GDPR and MiFID II requirements. 

It also empowers these organizations to quickly and easily locate/export specific data for regulatory audits and examinations.

What Data and Events Does the Compliance Suite Capture? 

In its current iteration, the compliance suite captures messages, files and events from HighSide’s ultra-secure collaboration and distributed MFA products. This includes: 

  • Every time a user connects to the HighSide server

  • Team name updates from an administrator

  • The creation and deletion of new user groups and new rules within those user groups

  • The addition (Invite) of new users to the team

  • Every time a user's user group gets updated

  • When various settings get toggled such as the ability for users to delete messages

  • When users enable or disable any of our 2FA options

  • When users create either private and public channels

  • When a user changes the name of a channel or the channel topic

  • When a new user is promoted to owner of a channel

  • When users join and leave channels (Includes being manually added and removed)

  • When channels are archived

  • When users are unable to log in because their account has been disabled

  • When users are unable to log in because their account has been requested to be removed or another signup error

  • When a user fails to input the correct 2FA token (Both SMS token and Pin)

  • When a user cannot log in because their 2FA pin has been guessed incorrectly too many times (100 times)

  • When a user tries to use the signup token for a compliance bot on mobile. (Mobile clients do not support the compliance suite)

  • When a user tries to log in to the compliance suite but they have other existing accounts in their client (Both signup token usage and secret key login usage)

  • When a user cannot log in because their account is inactive

  • When an admin updates the data retention period

  • When a user finishes downloading a file along with who originally sent the file

  • When a users name gets changed

  • When a user resets their 2FA settings

  • When a users devices has been marked to be wiped on the next connection

  • When a user is verified or subsequently has their verification deleted

  • When an admin enables or disables AD sync

  • Every time a SecureDrive Drive (top-level folder) is created or deleted 

  • Every time someone uploads or deletes a file 

  • Every time someone downloads a file from the HighSide interface 

  • Permissions changes 

  • Whenever a user gets added or removed from a drive

  • Whenever a user leaves a drive

  • Whenever a SecureDrive file is changed

  • Whenever a Drive or file within SecureDrive gets trashed or untrashed

  • Whenever a setting is changed such as the version retention or trash retention period

  • Whenever a user locks or unlocks a SecureDrive file

  • Whenever a version of a file is restored from version history

  • Whenever a Drive has its name changed

Each of these events includes time and location data as well as the version of HighSide the event took place on and the operating system the user is running on. Future iterations will have functionality expanded to include archiving for external information sources such as email, other IM/collaboration apps, social media, websites/blogs and other data sources via APIs. 

Note: If you have an urgent requirement to securely archive an external data source not currently supported by HighSide, please contact us for assistance. 

What are HighSide’s eDiscovery and Search Capabilities?  

All captured data can be granularly filtered/searched and even exported for compliance and eDiscovery. 

The suite preserves context, time stamps and metadata useful for both supervision and eDiscovery. 

You are able to filter searches based on point in time, specific users, conversations or channels, and more. 

The suite includes an analytics dashboard for high level data visualization and insights.  

How is HighSide’s Compliance Suite Different than Alternative Information Archiving Platforms? 

HighSide’s compliance suite benefits from the same end-to-end encryption and authentication of our ultra-secure collaboration platform. It does not rely on usernames and passwords, nor TLS/SSL for security. Your archived data is never decrypted on HighSide’s servers and cannot be accessed or manipulated by members of the HighSide team. 

HighSide’s compliance suite not only features encryption in transit and encryption at rest (like many archiving solutions tout), but true end-to-end encryption. 

zm3Vg23ZcPzR4sgMRoG0IzkpkVGSqkO2sQ

ZBQEqQJThfmHjzrgKBB3L1tGEDlwHVPjiA

 

This is a very important differentiation because by its very nature, an archive is a one-stop repository of all of your most sensitive data and information - if it is not end-to-end encrypted that means that for the servers it is stored on, the server administrators, as well as anyone who hacks either the server or the TLS/SSL connection, it also becomes one-stop for an attacker to decrypt and access all of your data. 

When it comes to your archived data, security is paramount. 

Can HighSide’s Compliance Suite Pipe Messages & Events into a 3rd Party Archive via API? 

The compliance suite’s message and event logs can be exported and imported into any 3rd party application/archive of your choosing. 

If you are interested in automating this process via an API please contact us for more information. 

Note that depending on the importance and sensitivity of your data, we may not recommend exporting your data to a less secure 3rd party application.