Introducing BPA Power Extensions on Office 365

BPA Power Extensions are powerful add-ins to extend capabilities of your existing BPA software on Office 365.

BPA Apps run on SharePoint with Office 365 and natively interface with technologies like Microsoft Teams for instant collaboration, Power Apps for mobile solutions, and Power Automate for process automation. With BPA Power Extensions, organizations will discover the almost unlimited capabilities of Office 365 by using our business applications. We have grouped extensions in 3 groups, by technology:

Instant Collaboration with Teams Apps

Microsoft Teams is used by millions of users for instant collaboration. Teams can be used as “interface” to BPA Apps for accessing or adding data. A new App had been released for searching and sharing business information in BPA Apps while discussing in Teams, without leaving the chat box (view video here: BPA List Search with Teams)

Workflow Templates on Power Automate (Flow)

Microsoft Power Automate, formerly named Flow, is becoming the most powerful process automation tool on the market, bringing a lot of cross-technology automation capabilities and connectors. We have developed prebuilt workflow templates to be plugged in your BPA Apps, like compliance document, nonconformity or audit workflow sets. Process automation brings information to the concerned users on the tools they are working with, productivity is improved and cost is reduced.

Mobile Solutions on Power Apps.

We are working on mobile solutions with Power Apps to give the best user experience and ergonomics for processes like inspection, audit or incident reporting. These mobile apps run on mobile phones and tablets, and can be used by workers on the field or production lines to register incidents or controlling items by taking photos, videos or recording voice.

>> Access the BPA Power Extensions Page



Integrated Quality + Information Security Compliance with Office 365 & BPA Apps

Combining Quality + Information Security – like required by ISO 27001 or GDPR – with BPA Quality on SharePoint/Office 365.

There are a lot of similarities in ISO clauses/chapters for quality (9001), environment (14001), information security (27001), health and safety (45001) and others. This means organizations can use the same tools to setup a “global compliance system”.

Continual improvement is best described by the Deming’s wheel (Plan-Do-Check-Act). Processes, objectives, risks, documents, audits, etc. are the tools to support continual improvement regardless the standards in place.

Let’s follow the PDCA approach to integrate an information asset register with your existing QMS, like required by ISO 27001 or GDPR regulations. For each value-added process, it’s required to identify data/document flows, what kind of data/document is stored and how.

This video presents a scenario to integrate information security with BPA Quality on Office 365, by simple configuration with no code.

In this example, we start from the overall value-added process map and drill down a process to view related compliance documents, audits, indicators, etc. The process data flow has been published in the QMS document library.

The information asset register has been created in the BPA app starting from an existing Excel register. Information assets are added with their required attributes, like data classification, retention and others. Significant assets with sensitive customer data requires a risk analysis. Controls need to be applied for assets with sensitive data.

The same approach can be used for environmental aspect, health and safety registers.

As a conclusion, it is possible to extend your QMS to a global compliance system by integrating new processes. Using a digital app like BPA, you can convert any spreadsheet to a new data register and connect it with the existing modules for continual improvement.

Ask for a BPA Quality Free Trial Now !


Introducing Contextual Help & Training Add-in for BPA Software

BPA Solutions entered into a partnership with VisualSP, editor of a walkthrough software for SharePoint and Office 365.

Not only end users will benefit from contextual help to use BPA’s software, they will get online training about quality, risk, GDPR processes and documents to improve quality of the delivered products and services.

Splash screens provide visible instructions to end users, including multimedia content, images or videos. Instructions can point to a specific context or graphics in the user interface, like a navigation link or button. By clicking the help button, users can access contextual help, start a walkthrough tour or view multimedia resources.

In this example, end users who access the compliance document module in BPA Quality can take a walkthrough session by clicking the contextual help button. They will learn about the company document approval process, understand how to search for documents, discover how to accomplish a document training and more.

Example: Contextual help on how to use the compliance document module with BPA Quality.

Once a document is distributed, targeted end users need to get trained about the document content. A different training-oriented walkthrough guides end users to understand the purpose of the document.

Example: Compliance document training walkthrough (HR Procedure).

Once the walkthrough is completed, end users can log training evidence in the BPA Quality software.

These 2 examples demonstrate how the VisualSP add-in brings value to end users, guiding them to use the BPA software and train them about compliance documents and good practices.

The VisualSP add-in is a separate module that can be used jointly with BPA software for quality, risk, GDPR or CRM.

Request for a free trial and discover how BPA Quality and VisualSP work together.

Making Your QMS Understandable to All by Using Graphics

A picture is worth a thousand words. This is also true for your Quality Management System.

Traditional software, databases and spreadsheets make your quality system hard to understand for end users. A reason for this, typical tools contain no graphics, process maps or visual flows.

Moving to a visual QMS will drastically help employees to understand how your company works.

We bring the most flexible solutions for quality and data privacy compliance, thanks to our no-code app building platform and Microsoft technologies. Power users can simply add their favorite images, maps, process flows in BPA with no pain.

Here are some examples to make your QMS understandable to all, by using graphics.

Process map and sub processes

A graphical process map is the entry door in your QMS and should contain all important value-added processes from client request to client satisfaction.

By using Microsoft Visio diagrams, you can design interactive maps with hyperlinks and dynamic icons (e.g. process health status). Visio diagrams can be connected to objects and attributes in BPA, like a list of processes, sub processes or assets.

By drilling down the process map, graphical flows make each process understandable with their main activities, input and output. Employees can quickly access process-related documents, SOPs and Work Instructions.

Asset Maps

BPA lets you track digital or physical assets, like data assets (needed for ISO 27001, GDPR, data privacy regulations) or equipment with related maintenance and calibration.

In this example, the graphical asset register displays the implementation stage status for asset platforms with regards to GDPR regulations.

Organization Charts

Organization charts (one or multiple organizational levels) is another way for employees to access processes, sub processes and compliance documents.

Ask us for an online presentation and discover new ways to make your QMS attractive by using graphics.

Microsoft Video

BPA helps customers to achieve more with the power of the Microsoft platform

Video and text have been produced by Microsoft.

A technology leader pioneering integrated user-friendly solutions and platform, BPA Solutions helps businesses to simplify Quality, Risk and GDPR compliance.

Headquartered in Switzerland with an Office in Seattle, the company has put his faith in Microsoft’s roadmap and developed its offering over time building cloud-based solutions on top of Microsoft Office 365 and Microsoft Azure.

Working alongside Microsoft teams, BPA Solutions has achieved Microsoft Preferred Partner status, providing additional credibility to its customers and improving its network and opportunities through collaboration with Microsoft Sales.

Benefitting from the agility of Microsoft and the power of the Microsoft platform, BPA Solutions helps its customers to achieve more, leveraging modern, evolving tools and exploring new technology areas.

Taking advantage of dedicated packages for partners and ongoing support, BPA is growing its business in partnership with Microsoft.

Global Data Compliance in 2019

Written by Mark Adams, David Kruger – iComply365, BPA’s strategic GDPR Partner.

GDPR’s operational launch in 2018 has put into motion a global tide that will change the management of personal and sensitive data forever.  Sensitive data for the purposes of this discussion is anything that that presents risks to data holders, whether private concerns or government agencies. GDPR has presented a case, not just to the EU but to the world that data can and should be properly managed. Time will tell how easy this will be or how well it will be policed, but the concepts embodied in the GDPR change expectations in a way we believe will have a lasting effect on global commerce, politics, economics and ethics.

The major trends we see developing this year include:

1. Compliance and Regulation Landscape

A quick look back and forward, with a focus on topics and trends that will drive the shape of compliance, the compliance market and the growth of RegTech.

1.1 GDPR will underpin similar global privacy frameworks

Most of the EU has made a good start to adopting GDPR, compliance measures to the standard will be tested at all levels in 2019, with fines and actions intended to show both carrot and stick.  Actions taken by regulators (like Frances £44m fine on google this month) and commercial class actions (driven by public sentiment) against global tech giants like Google and Facebook and others will ripple through all markets, increasing pressure for all to manage data in a consistent and provable manner.

Much work is still needed to refine what global adequacy might look like, including the launch of the related e-Privacy Regulation, but the core principles will quickly become sufficiently refined to spawn new regulations and standards.

To facilitate this, the tech world needs to develop broad, scalable solutions and services that allow compliance to be operationalised and affordable for organisations of all sizes.

Aligning regulations currently include California’s CCPA and Brazil’s LGBD, Japan, South Korea, Mexico, other US states and the US federal government, Canada, New Zealand and portions of Asia and Africa are considering broad reaching privacy regulations.  Tech giants such as Microsoft are working to get ahead of the curve by influencing standards, implementing more compliance-enabling privacy and security controls into their products.

Smart organisations should leverage their GDPR process investments to ease their compliance with these global initiatives and so gain commercial advantage.

1.2 Brexit Effect

With all the talk surrounding Brexit and the various scenarios that could happen, it is useful to look at the potential effect on data transfer and what that might mean for organisations and their IT systems.  This article from Tim Hyman on Brexit is quite instructive – Data protection and your IT Systems.

Elizabeth Denham, the UK Data Commissioner, state in December: “the Government has already made clear its intention to permit data to flow from the UK to EEA countries. But transfers of personal information from the EEA to the UK will be affected.” Here’s a link to the ICO’s recently published guidance about Brexit and what it means for data protection compliance.

1.3 From Compliance to a Culture of Care

Data is now a risk as well as an opportunity. This requires a shift in mindset for organisations.  For the data protection officer, simply implementing better data protection and management may not be enough. In the 21st century, success will increasingly depend not on mere compliance, but developing a genuine sense of stewardship for the personal data under their care.

1.4 State and politically motivated attacks

State-influenced cyber attacks on organisations, journalists, dissidents, voting systems and politicians will continue to grow. All nation states attempt to steer the voting patterns of both their allies and their enemies—and they always have.

A worrying and growing trend is states monitoring their own citizens for political purposes as played out in the case of Saudi journalist Jamal Khashoggi. Indeed, some technology firms appear to be focusing on exporting surveillance technology purpose-built to aide governments in spying on their own citizens. There is little doubt there will be more calls for this behaviour to be regulated. The surveillance state and privacy proponents have always clashed, but the fight is likely to be noisier and more public than in the past.

1.5 Nations will “try” to establish cyber warfare rules

Even in physical warfare, most nations have agreed upon a basic set of rules, such as the Geneva convention.  Some nations are acting as they can do almost anything with impunity. “Digital borders” are being tested and tensions are rising. Expect more calls for a “negotiated peace” in the form of treaties designed to reign in digital warfare.

The situation will continue to get worse unless global geopolitics starts to take this seriously.

1.6 Compliance and the Supply chain

Organisations are increasingly integrated into their supply chain, associates, suppliers, client portals, external IT service providers and more. A large proportion of breaches occur due to weakness in the supply chain. Whilst privacy legislation processes, supplier contracts, and advances in encryption and other security solutions are making incremental improvements, this area remains high risk and needs more attention.

1.7 Ethics

Data ethics emerged in 2018 is a priority for many leading organisations, stung by security breaches and that then reflected to be breaches of public trust.  2018 was in some ways the year where data mishandling, and trust hit rock bottom and now organisations must rebuild trust.

2019 should see organisations step up efforts to ensure ethical data use and ethical data practices.   Forbes suggest that demand for corporate data ethics and greater data responsibility is increasing.  Data ethics is not just good citizenship, it’s a good business practice.  It looks like organisations will add new roles and governance approaches to address this issue over the next year.

1.8 DPOs/CSOs/CISOs—Do they have the skills?

Cyber security and data management training will continue to mature, as a new generation of degrees and certifications are developed to bridge the current skill gap. Many of these will be post-graduate courses designed for senior professionals needing to augment their existing knowledge. “Master’s” degrees in data management and cyber security” will start to be mainstream with more and more companies looking to hire DPO’s/CSOs/CISOs with cross-disciplinary skills.

This means a complicated job will continues to get more so. Technology providers will need to step up to keep workloads down.

2. Operationalising Compliance

Central to our own business strategy is how do we leverage both compliance and IT know how to help operationalise compliance and data management.  It needs to be made as agile, efficient, transparent and as cost effective as possible.  The section below touches on technologies and topics we believe will contribute to the success of these goals.

2.1 Complexity and economies of scale is driving operationalisation

Technology researchers at Gartner, Inc. have noted that security detection and response, rather than just preventative measures is a now a top priority for organisations. With a worldwide shortage of nearly one million security professionals, we must automate routine processes to amplify the impact of trained human beings. Gartner predicts that by 2021, security and privacy automation will be high on the list for organisations.

2.2 Cloud Computing

The cloud continued its march toward domination in 2018. Two Deloitte surveys, for example, indicated that 90% or more of global executives are adopting, considering, or already using the cloud. Amazon Web Services, Microsoft Azure, and Google Cloud are all growing rapidly.

They are increasingly adding software and data management capabilities to their clouds, including enterprise data warehouses, DevSecOps, DataOps, advanced analytics, various forms of AI, Internet of Things, blockchain and robotics applications.

Security and Compliance as a Service will start to mature from vendors like Microsoft, whose Advanced Threat Protection (ATP), Azure Information Protection (AIP), Compliance Manager are designed to operationalise compliant working. These facilities example how CSP can help organisations to intelligently assess their compliance risks, to govern and protect sensitive data and provide data lifecycle management to effectively respond to changing and overlapping regulatory requirements.  Check out this 2-minute video.

Many organisations are adopting a shared risk, cloud-only model for information management as the most sensible way to balance capability, agility, risks and benefits, and the expenditure of time and money.  

2.3 Cybersecurity

McAfee Lab’s Threats Report suggests that malware exploiting software vulnerabilities grew by 151% in the second quarter of 2018. The volume of these attempts leads us to believe that the only way to address them is by using AI/machine learning for cyber-threat intelligence, detection, and resolution.  The question is whether the good guys or the bad guys master AI first.

Though far from a perfect solution, most websites and online services will abandon password-only access and offer additional required or optional authentication methods. For a while, the different forms of multi-factor authentication will likely confuse and frustrate users. Ultimately authentication will be hardened and mandated globally for all online transactions to provide the level of trust needed for eCommerce to continue and grow.

Like malware, spear phishing becomes even more targeted, Attackers know that the more data they have about you, the more likely a phishing campaign against you will succeed. AI in the hands of bad actors will further undermine traditional trust-based financial transactions by using detailed knowledge of prior transactions to dupe users.

Insecure email needs to be replaced by more secure communication for high risk transactions.  

2.4 AI impacts – Blending, People, Process and Automation

From an operational perspective, cloud services are investing heavily in artificial intelligence and machine learning, as they look to support and complement “the humans” who ultimately run organisations.   We see increasing numbers of organisations adopting a growing range of AI technologies to optimise the respective capabilities of humans and machines.

It’s a case of marrying use cases with the most appropriate AI technology solution in a manner that enables humans to stay in control whilst reducing risk.

2.5 DataOps

Data Operations (DataOps & DevSecOpps) is rapidly emerging in organisations that must manage data as a shared business asset.  A core goal of GDPR is to implement Privacy-by-Design as such these methods need to be more widely adopted.  DataOps brings engineering principles borrowed from the DevSecOps software development movement.  The intent is DataOps is to deliver “rapid, comprehensive, and curated data” to business analysts and decision-makers.  Forbes expect 2019 to be a breakthrough year for DataOps as organisations strive derive value quickly and efficiently from their data assets, but with less risk.

Encryption is now available in so many forms, that organisations can no longer justify breaches or operate insecure solutions due to implementation or cost constraints. 

We will shortly be providing more guidance on Encryption strategies. 

2.6 Managed Compliance Services

A recent ResearchAndMarkets.com report suggests that the compliance-related managed services market is likely to grow as much as 25% Compound Annual Growth Rate (CAGR) in the US over the next 4-5 years.  We believe growth in other regions will be similar as the commercial consequence for none-compliance ripple outwards.

Managed Compliance Services include: data management, data discovery and mapping, data governance, API Management, GDPR readiness assessment, data subject risks assessment and DPIA, DPO-as-a-Service, and GDPR-related training and certification.

Check out our Microsoft cloud compliance services

2.7 Compliance Apps and Solutions

Just like Compliance Managed Services, specific compliance solutions will be needed in one form or another to simplify and operationalise local compliance activities.  Very few organisations will want to re-invent the wheel by developing solutions from scratch if they can lower compliance lifecycle costs by using off-the-shelf solutions that fit their needs, work well and are reasonably priced.

We can find little specific data on this segment but given the number of vendors entering the market and the depth and breadth of solutions on offer, the market is significant and vendors that gain market share quickly should benefit geographically as compliance goes mainstream.

Solutions cover a wide gamut: endpoint security, legal, risk and compliance solutions, consent management, specific encryption solutions, enhanced authentication products and services, network security products and strategies, security analytics, intelligence, response and orchestration, secure storage and general security products.

Checkout our Office 365 BPA Solutions GDPR platform

2.8 Blockchain

2018 represented a year of major advancement in the use of blockchain technology to enable identity and supply chain trust.  Finance, asset management, and healthcare are taking the lead in adopting blockchain. Increasingly rapid development and adoption of blockchain technology bodes well for personal data protection, but some work is needed to blend this with other technologies and apply it to mainstream use cases.

Applying AI to Regulatory Compliance – Introduction Video

Artificial Intelligence – AI – is a hot topic at the moment. Microsoft has developed technologies for predictive analysis, usually suited for large volume of data. Industry sectors like hospitals start using these technologies for predictive patient treatments. Another aspect of AI is conversational intelligence, also called bots. A bot is a virtual companion that will guide end users achieving their tasks.

BPA’s development lab is working on creating bots to simplify user experience with our regulatory solutions for Quality, Risk and GDPR. A first experimental bot was developed to guide end-users to submit an incident. Using a mobile device, the end-user is prompted to report an incident. The virtual companion asks for important information to be logged in the system, prompts for immediate actions to be done and optionally proposes to append photos to the incident.

Once the incident has been reported, a workflow starts and tasks will be distributed to the concerned users for qualifying and investigating the incident. At the investigation stage, AI is used for optimal root cause selection, based on 5 why and Ishikawa methodologies. AI will further be used for optimal CAPA/Risk management by retrieving relevant historical data in the system and guide concerned persons to solve incidents quicker and more efficiently.

The experimental bot for incident reporting was developed on Microsoft Teams and runs with any mobile device. It will be soon available for our Office 365 customers. BPA is very proud to be on the front line applying AI to regulatory compliance.

BPA GDPR Compliance on Office 365

GDPR Compliance Simplified – App Introduction Video

BPA GDPR Compliance is a preconfigured app to simplify data privacy compliance and reduce the cost to be GDPR compliant. The app is ready to be downloaded from the Microsoft store and installed in your Microsoft Office 365 tenant.

Integrating all needed tools in a preconfigured template, BPA GDPR Compliance simplifies your GDPR journey, facilitates data privacy compliance which will leverage your company image and transparency.

View a short BPA GDPR Compliance introduction video below and ask us for a free trial today.

Cost Saving

Calculate Your Cost Savings with a Digital Solution

It’s not easy to deliver engaging, efficient experiences when you’re held back by pen-to-paper-based processes.

A digital solution offers a centralized location where organizations can efficiently store, organize, manage, access, and distribute information.

Cost Saving

For the quality/regulatory department, information typically includes forms (audits, incidents, non-conformances, CAPA, indicators, risks, equipment maintenance, training, etc.) and quality/regulatory documents. By giving collaborators quick and easy access to the information they need anytime and anywhere, digital systems help employees focus more time on their core activities.

What are cost saving opportunities with a digital regulatory compliance solution?

  • Electronic forms enforce collaborators to enter consistent information quickly and easily, reducing errors and manual rework.
  • Automated workflows accelerate the process of creating and distributing forms and documents across devices and platforms.
  • A digital system prevents collaborators to retype data at some point during the process thanks to data relations and automated reporting tools.
  • No paper processing is needed anymore, saving printing, scanning, postage and archiving costs.
  • Users spend a huge amount of time each day searching for information — an average of 37 minutes or 8% of the work day. Digital search tools can reduce search time by up to 50%.

Let’s crunch the numbers to see how much money your organization/department can save with BPA’s solutions.


How Automation Can Help GDPR Compliance

A World of Data

The amount of data being produced every day (about 2.5 quintillion bytes per day) continues to grow. To give you an idea of its epic growth, 90% of data that exists today has been produced in the last two years alone, and it doesn’t seem to be slowing down.


As of 2018, entire corporations operate online, with virtually all the information they hold housed in the cloud. The EU’s new General Data Protection Regulation (GDPR) might seem like another compliance procedure your company must worry about, but in truth, it should be seen as a benefit. It means greater protection for both the customer and your organization.

What Happens if You’re Not GDPR Compliant?

Marketing departments will refer to huge databases of consumer data to make strategic decisions. Along with this, organisations store copious amounts of sensitive data like employee records and private business operations data. And this is just to function daily as a business. Leaving your data unprotected or misusing public data in any way could jeopardize your reputation, scare off your customers and hit you right in the profits. It’s not difficult to see why data compliance is an important aspect for your business future.

Much of the change to GDPR has been consumer orientated. It ensures that data in circulation is collected, managed, and stored in a secure fashion. And puts more power into the hands of the consumer, allowing them to specify what data is stored, what it’s used for, and when it’s removed.

If you fail to keep your data secure and in line with the GDPR, the consequences are severe – namely fines of up to €20 million or 4% of your annual turnover.

To avoid near financial disaster, you will need to ensure your current data is stored securely and your means to acquiring new data follows the GDPR guidelines. Which could be anything from featuring an optional tick box on your website (to gain permission to share consumer details) to trawling through vast servers of data with a fine-tooth comb. The execution of perfect compliance is, without a doubt, a difficult task.

Behold! Compliance Automation

What you’ll find with big changes in regulations is that it forces you to review a lot of your processes, and this is where automation can help. By taking advantage of the right automation technology, compliance becomes a lot more palatable.

Compliance automation delivers much more than enhanced efficiency, it also provides several benefits to risk control:

1. Automation standardizes data giving you consistent results. With an automation platform in place, compliance teams can rest easy knowing they’re adhering to all regulatory requirements.

2. Automation reduces labour costs, saves precious time and keeps you safe. Come audit time, all the relevant data will be available at the click of a button. With automated workflows there’s no laborious data gathering or risk of human error from manual processes.

Microsoft Office 365

Embracing a reputable online tool to automate your workflows will be your key to cloud compliance, and Microsoft Office 365 is the perfect solution. Not only will you benefit from the millions they have invested to protect customers who process data using their systems. But your company data is much easier accessed come audit time, since all of your employees are using a single central platform.

A Solution That Really Solves the Problem

While part of the solution to staying compliant is building the right automated workflows, it shouldn’t stop there. The newly released BPA GDPR Compliance software is unique. It’s a unique GDPR compliance solution that’s fully integrated with Microsoft Office 365, so the thought of spending weeks migrating your data is not a problem. Secondly, it’s been configured by GDPR professionals to provide you with a ready to deploy process engine that simplifies the complex jargon of GDPR into practical business terms. This lets you apply the changes straight away.

Get up to Speed, Fast

In essence, the GDPR offers a great opportunity to digitally transform – giving you long lasting benefits. Also, automating compliance processes will standardise the quality of your compliance every time, giving you complete peace of mind.

In fact, with the new regulation just around the corner, it’s imperative that companies everywhere get up to speed with the facts. We have recently teamed up with GDPR specialists to produce a whitepaper containing advice and solutions for protecting data, which you can download below.

BPA GDPR Compliance software solution, is a pragmatic, ready-to-use digital tool for easy, affordable, automated data compliance, helping to establish asset transparency for even the smallest of organisations.

Download the “GDPR Compliance Simplified” eBook.