|
|
|
Features
< Back
Compliance : Sarbanes Oxley : Auditing : Continuous Auditing
High Tech Peace of Mind
By
George Everhart
|
|
George Everhart
CEO
SealedMedia
|
Chellappa Kumar is working overtime to master the intricacies of regulatory compliance. As chief information officer at the New York College of Osteopathic Medicine (NYCOM), Kumar oversees sensitive computer systems for the nation?s second largest medical school and related health care facilities across Long Island.
If any computer within the NYCOM network fails to ensure student or patient privacy, Kumar could wind up with a regulatory nightmare on his hands.
?On Wall Street, everyone is talking about Sarbanes-Oxley compliance,? says Kumar.
?But the ripple effects of Sarbanes-Oxley, HIPAA and other regulations are being felt across all industries and businesses. Everyone is trying to figure out how to properly safeguard intellectual property?whether it exists on paper or electronically.?
Indeed, communications and documents exchanged between executives, board members, finance, legal, and human resources should all be considered--at minimum--highly confidential. And in the age of global commerce, companies must increasingly protect inter-company, customer and partner communications that contain sales, pricing, product roadmaps, R&D previews, marketing campaigns, training and other information.
?In the global marketplace, no company is an island onto itself,? says Ed Golod, president of Revenue Accelerators, a consulting firm for sales executives in New York. ?Businesses are now interconnected to one another. And intellectual property shared between those companies must be safeguarded.?
Toward that end, many organizations are embracing Enterprise Digital Rights Management (E-DRM)?also known by technology mangers as Document Lifecycle Management (DLM) systems. Think of DLM as a family of software that truly protects and secures intellectual property?from creation throughout its use by designated employees, customers or partners.
Simply put, it allows organizations to gain unprecedented digital ?remote control? and management over information?whether the information exists on a computer?s hard drive, in an e-mail system, a mobile computer, a BlackBerry wireless handheld device, a CD or USB thumb drive, or somewhere on the Internet.
?Ultimately, organizations need to get their arms around all of their electronic and printed assets,? asserts Sanjay Anand, author of The Sarbanes-Oxley Guide for Finance and Information Technology Professionals.
?When regulators come knocking, you need to be able to retrieve specific e-mails, memos and other types of information in a matter of days or hours. That?s where Document Lifecycle Management enters the picture.?
Profit Through Automation
Although many businesses still struggle to comply with Sarbanes-Oxley, Anand says progressive organizations are leveraging DLM and electronic communications to gain a competitive advantage in the increasingly regulated global marketplace.
From Dell Inc. to Wal-Mart Stores Inc., businesses that fully embrace electronic communications continue to flourish and post record profits.
Dell, after all, was among the first major computer companies to sell its wares online, and its automated supply chain systems allow Dell to rapidly fulfill customer orders on a global scale. Similarly, Wal-Mart has shared data and sales information electronically with its suppliers for more than a decade, ensuring that store shelves remain stocked with the appropriated products.
Still, progressive companies can?t rest on their laurels. Faced with rising investor demands, the uncertain geopolitical environment and heightened global competition, businesses must somehow continue to raise productivity, slash costs and safeguard intellectual property as it moves across corporate and country boarders.
?Compliance is an issue that goes beyond publicly held U.S. organizations,? says Seth Miller, CEO of Miller Systems, a technology consulting company in Boston. ?It?s an international issue that forces businesses to tackle multiple conflicting regulations from multiple countries.?
?Businesses now face a triple whammy,? adds Golod. ?Your CEO wants you to increase performance and lower your operational costs. Yet you also have to invest in new systems that protect your information assets?whether the data resides within your company or somehow moves outside of it.?
Effective Document Lifecycle Management (DLM) strategies address these challenges head-on, Golod says.
Specifically, a modern DLM platform allows executives and employees to exchange e-mails, documents, spreadsheets and other types of data internally or to anyone anywhere in the world--while easily maintaining control over who, what, when, where and how the information can be printed, copied, forwarded, altered or viewed. ?Done properly, DLM provides ?remote-control? over information,? says John Castaldo, director of technology at a major communications company in Bethpage, N.Y.
Indeed, the document?s author/sender can revoke or eliminate access privileges at will, giving organizations the peace of mind they need to use electronic communications freely for even the most sensitive ?company confidential? communications?such as financial reports, business forecasts or research and development (R&D) initiatives.
Not every business, however, is marching forward. In fact, due to the risk of exposure, some organizations are reverting to antiquated techniques, taking such extreme measures as relegating their most important communications to paper. ?Going back to a pure paper environment is knee-jerk reaction that will ultimately undermine your business,? says Golod.
?You?ll wind up with slow, manual processes; poor information tracking and retrieval; and expensive office spaced filled with antiquated file cabinets.?
Consider the situation at Johnson Matthey, a major chemical company operating globally. Before 2004, the company used tedious paper processes to collect and distribute highly sensitive financial and production information each month.
That year, the company adopted a DLM solution, and according to Paul Axworthy, Group IT Manager at Johnson Matthey, ?With [the solution], we have a collaboration tool that enables us to address one of our greatest areas of business risk?information leakage; at the same time we have achieved significant time savings in compiling and sharing this information safely and securely. This has significantly improved our productivity and enhanced one of our key business processes.?
Go Digital or Go Broke
Johnson Matthey isn?t alone. From Harvard Business School to Vodafone, forward-thinking organizations use DLM to drive customer interactions, cut costs and safeguard intellectual property.
?When implemented properly, DLM is effective and reliable,? says Golod. ?This isn?t some sort of half-baked technology that?s long on promises but short on details. There are dozens of examples of companies that use DLM to streamline their business processes, speed executive-level decisions and protect information from probing eyes.?
Still, not all DLM solutions are created equally. Some are designed to only run with specific hardware platforms, software packages or file formats. Such ?proprietary? systems often prove to be expensive over the long haul, because companies must continually tweak the packages to conform with their business operations.
To avoid such pratfalls, organizations should seek a flexible, cross-platform solution that manages text, images, audio and video. The solution should also integrate with your existing communication systems, including e-mail and e-commerce systems.
?Don?t overlook your mobile and handheld computer environments,? adds Mike Elgan, a technology consultant in Santa Barbara, Calif. ?Devices like BlackBerry handhelds are moving from Wall Street to Main Street, USA. You?ve got to keep them in mind as you strive to properly safeguard all your data.?
Indeed, the shift from traditional desktops to wireless notebooks and mobile handheld devices continues to accelerate. In September 2005, notebooks outsold desktop PCs in the United States for the first time ever, according to Gartner Inc., a Stamford, Conn.-based market research firm.
Wireless handheld devices also continue to gain popularity: More than 3.65 million people now use Research in Motion?s BlackBerry device, up from 1.66 million users in September 2004, according to RIM?s most recent quarterly financial results. ?If you ignore that mobile user base, you leave yourself open to compliance risks that extend far beyond your corporate walls,? says Golod.
Regardless of the device used, your employees can retain control over documents, e-mail messages and other types of digital content from the moment it?s created through the day it?s discarded. ?You?ve got to remember that data rarely dies,? says Elgan. ?People revise data. Update data. And forward data onto peers for more comments. During each step, you run the risk of losing control of the data. DLM mitigates that risk.?
Ideally, the DLM system should be both simple?providing remote protection and information access with the click of the mouse?and scalable. A well-designed system should scale from 1,000 to 100,000 or more users, a critical requirement as information moves within and between multiple company networks.
Version control is another critical requirement. The typical employee in a large company now collaborates on more than a dozen documents per month, according to CIO Insight, a monthly magazine for senior technology managers. As employees revise documents over and over again, someone within the process must be empowered to enforce version control. Such a capability ensures that the final document contains all of the agreed upon changes from the group.
Automated Audits?
Although the compliance landscape continually shifts and evolves, regulations such as Sarbanes-Oxley are fairly well defined and understood by auditors. As a result, your DLM system should include basic functionality for regulatory compliance audit support?including automated notifications if a document is in non-compliance.
?There?s no single silver bullet in the software market that ensures regulatory compliance,? says Anand, the best-selling author and compliance expert. ?But we?re seeing rapid progress on that front.?
Partnerships are also a key consideration when evaluating DLM platforms. Without support from Microsoft Corp., Adobe Systems Inc. and interfaces with database and infrastructure systems, a DLM platform is likely doomed to failure. After all, Microsoft Office files are the most popular format for creating and saving text documents, spreadsheets and presentations, and Adobe Portable Document Format (PDF) allow documents to be exchanged in a secure fashion.
The Ultimate Upside
Once deployed, a DLM solution will provide powerful ?inside-out? information security?protecting data whether it resides within your company or outside your firm. DLM?unlike traditional paper-based file cabinet systems?also provides the ability to communicate strategic, high-value information quickly and confidentially, thereby accelerating business closure and time-to-revenue opportunities.
?It seems as if customers are taking longer and longer to make big-ticket buying decisions,? says Golod. ?Major purchases now require board- and executive-level approval because of heightened industry scrutiny. DLM is one of the technologies that speed decisions that might otherwise get delayed indefinitely.?
Finally, DLM improves information sharing between internal and external users. Partners gain timely information; sales departments gain greater efficiency over the entire process; product development and marketing organizations gain time-to-market and streamlined document version control; and the executive team gets a grip on compliance, by mitigating risk and improving accountability.
?Many technologies threaten corporate compliance,? says Golod. ?DLM is one of the rare technologies that provide quantifiable business benefits while enhancing a corporation?s overall corporate compliance initiatives. It?s a win for your executive team, employees, partners and customers.?
Technology managers such as NYCOM?s Kumar welcome that news. ?Compliance is becoming a bigger and bigger distraction in my day-to-day responsibilities,? says Kumar. ?Anything that helps to minimize that distraction and keep us focused on customer service is a win in my mind.?
|
|
|
|
