'Compliance' Is a Dirty Word - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
5/1/2008
10:37 AM
50%
50%

'Compliance' Is a Dirty Word

If there is one word I hate to hear used in this industry it's "compliance." To me it's like fingernails down a blackboard, and frankly if I never hear it used again then I would be a happy man... Let me be among the first to point out that the Compliance Emperor often has no clothes.

If there is one word I hate to hear used in this industry it's "compliance."

To me it's like fingernails down a blackboard, and frankly if I never hear it used again then I would be a happy man. Of course I have to endure the word in virtually every article and vendor press release I read. I don't like the word because it is a blanket term that used without context is totally meaningless, yet it's a word (much like governance) that sounds impressive and few people in the room will admit that they don't really understand it. Well let me be among the first to point out that the Compliance Emperor often has no clothes.The first question we should ask when the C word is used is: with what, exactly, do you expect to comply? It could be one of three things:

Policy Compliance - to meet the needs of internal procedures and policies

Regulatory Compliance - to meet the needs of a specific regulation such as the Federal Rules of Civil Procedure

Legal Compliance - readiness to meet any particular legal challenge that may impact your enterprise.

These are three increasingly stringent compliance types, all quite different and all typically requiring different strategies, technologies, and skill sets to support. When vendors blithely talk about compliance, it's incumbent on you to ask specifically to what compliance needs they are referencing. And also for you to consider, doyou have the patience and resources to manage such potentially granular compliance needs? It all looks so easy on a PPT presentation, but it can rapidly become near impossible to manage in reality. Many of the people I have been talking to over the past few months are in the most regulated industries out there, and virtually all of them tell me that despite very expensive compliance software investments, they have reverted to the most basic policies possible for retention and disposition. Pretty much what they had and were doing prior to buying yet more fancy technology. Think about it. If you are trying to justify the purchase of archiving or content management technology using compliance as the driver, you are very likely to fail. Sure, if you are a brokerage on Wall Street then theoretically at least you have to be compliant with certain regulations (such as SEC 17A) or you cannot trade. But outside of such places, most people wing it - be it in Pharmaceuticals, Energy, Aerospace or any other highly regulated sector you can think of. In fact, most enterprises have, at best, a cavalier attitude toward compliance. They know there are very few inspectors around (internally or externally), they know they have to do something spectacularly criminal or stupid to be audited, and they figure that ultimately it's just not that big of an issue. Frightening, and maybe hard to swallow, but true.

My point - if I have one beyond the need to rant - is that simple retention and disposition makes a whole lot of sense. It may only meet the minimal needs of compliance requirements, but in most cases it's enough. Mix this with the added benefits of promptly destroying content that you have no need to keep, and you can gain quick server and storage optimization advantages, over and above the increased ability to actually find stuff. Getting bedazzled by a technology pitch usually leads to a dead-end. You buy the tool, then you see the enormity of the task ahead, then you walk away. While anathema to many, simply doing something is nearly always better than doing nothing, but doing nothing and wasting a lot of money in the process really stinks.If there is one word I hate to hear used in this industry it's "compliance." To me it's like fingernails down a blackboard, and frankly if I never hear it used again then I would be a happy man... Let me be among the first to point out that the Compliance Emperor often has no clothes.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Slideshows
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Commentary
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Slideshows
Flash Poll