Topics:
Security
Do All Compliance Roads Lead To BPM?
On your list is a reliable message archiving system, but messages often contain attachments, which are files that live outside the e-mail, instant messaging and groupware environments. The most troublesome of those files are spreadsheets because changes are made to the files as they get passed around in the messaging environment, and unauthorized changes get made to the original file living on a networked server. So now you need a document management system, which sounds like a fine idea until the financial department says, in no uncertain terms, that it will not consider altering its consolidation system or open it to integration. So you go back and contemplate. If you can't manage the files and unstructured data without investing in point solutions that have to be managed separately, what else can be managed to automate the compliance processes? That's it—processes; you can manage processes, right? But now you're in for some major sticker shock. In addition to the six- or seven-figure dent an enterprise BPM system is likely to put in your IT budget, an effective BPM deployment requires a top-to-bottom re-haul of you business processes. So you decide there is pain, and then there is PAIN. Even if the big pain is, long term, the right way to go, you know it won't fly as a solution to your compliance problem. So you backtrack. Which processes are key for managing compliance? Most compliance activities center on controls, whether it's security, privacy, business performance, or risk management. So maybe you look at your policies and the processes that ensure policies are followed. But in most organizations today, the scope of business processes governed by policies is so vast that you're back in BPM land if you ever hope to automate those processes. And what about compliance activities that aren't controls-based, per se? What about all the additional storage requirements and the discovery requirements? Go through a non-automated legal or regulatory discovery process and suddenly the pain and cost associated with BPM doesn't seem so shocking. If you've found individual tools that work for managing specific compliance activities, that's great. I predict, however, that your business managers will tire quickly of the half dozen new dashboards on their desktops, and the endless alerts and workflows that result. Right now, BPM seems like the only logical way to consolidate all the compliance processes in to something manageable. It's not a silver bullet, in fact, the only bullet you'll see is the one you'll be biting. For more on that and some advice on biting the bullet without receiving lead poisoning in the process, see 101 Advice for Process Management Neophytes. And while you're at it, check out FileNet's new business activity montoring (BAM) enhancement to its BPM environment. Quick Rant I prefer the word "tools" instead of "solutions" because that's what they are. If a piece of technology helps you solve a problem, that's great, but I don't see how any product can claim to be a solution while its still in the box. |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
