Other Voices: 4 Steps To Managing Data Compliance

Remember when data was something you controlled and not your enemy? Get the upper hand again, and even gain a competitive advantage.

InformationWeek Staff, Contributor

August 20, 2003

4 Min Read

Not 20 years ago, executives had an easier time knowing what information to keep on hand for compliance purposes. Important documents were typically stored in clearly labeled files and large boxes, and that was that.

Then came PCs, data networks, E-mail, and the Internet. The volume of data produced and stored in one form or another increased with each iteration. And regulations changed, too, sometimes radically. In just the last couple of years there have been sweeping new data rules over investing, banking, and privacy.

Nobody wants to be on the evening news for discarding critical information. Nor does anyone want to explain to a superior that needed information is missing.

Where records management had been a quiet, even routine, part of business, the novelty today is that records management applies not just to legal and IT issues, but to management of all the information that flows across an enterprise, along with its relations with customers, suppliers, and partners. This information is as vital to meeting compliance needs as it is to running business effectively.

And yet, most firms aren't there yet. According to IDC, 80% of business information today is in unstructured formats such as E-mail, graphics, audio, and video--buried and unmanageable inside the organization. All this buried treasure needs to be scanned and digitized, stored securely, and be readily available for internal and external tracking up to and including producing original documents.

As daunting as this may be, there is a powerful upside: Companies might improve their performance in meeting tighter records-management requirements. And the technology is available to make it all happen.

Acuity Insurance, for example, found that integrating its internal and external business processes allowed it to adjust more quickly to global changes in law. It also increased its business with independent insurance agents by 35%, drove up customer satisfaction to 97%, and cut costs. In another case, Crédit Lyonnais found that in bringing its transaction processing into regulatory compliance it boosted customer satisfaction by 30% and reduced administrative costs by 30%.

Here's how to get started on this kind of transformation:

First and foremost, businesses need to put in place up-to-date records-management policies and systems that capture all the information that companies produce and store--without exception. That means capturing every E-mail, document, and instant message.

Second, as information is created, it must be stored in a nonerasable format that can be validated as genuine. In certain cases, the original document by law must still be held, but a digital version must also be available on demand. And from a productivity point of view, storage can't make it harder for employees to do their jobs.

Third, enforce internal and legal retention periods. Make security airtight so that critical data cannot be tampered with or destroyed.

Fourth, make it easy and quick for regulatory authorities to search and retrieve anything they need. This is where mere data becomes information assets, enabling you to capitalize on the raw material stored inside the enterprise no matter its location or form.

Companies also need to pay particular attention to two technology issues, standards-based middleware and content management. Bringing data together across the enterprise is a daunting task, given the complexity and heterogeneity of systems, applications, and vendors that most companies deal with today. That kind of IT diversity isn't going away. It's getting stronger.

For example, enterprise technology typically encompasses eight operating systems, none of which work together. This doesn't include customer and partner systems and applications, which play an increasingly prominent role in Web-based business processes and transactions.

Don't let this complexity be an insurmountable roadblock. The way to integrate across and beyond the enterprise is to build on standards-based technology. Standards-based middleware and content management can help companies integrate and automate their business processes without having to start over again.

Finally, choosing an open, standards-based technology will give you the flexibility and agility to change your compliance policies and systems as the regulatory environment evolves--which is a certainty. The only certainty in this life is change, and your business needs to move just as quickly.

Brett MacIntyre is VP of content management for IBM.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights