Security MicroImaging

Comprehending Compliance
Controlling Content Controls Risk

Compliance at its basic level involves creating, reviewing and storing content to support adherence to applicable laws or requirements. Controlling content in the business world enables a company to control risk. Technology can provide companies with the tools needed to help meet the steps of compliance, which include adhering to laws and standards, documenting procedures, developing policies and internal controls, and testing the procedures, policies and internal controls to ensure they are being followed and executed properly.

According to AIIM, the key to a successful compliance strategy is integrating the idea of compliance success into your business, not viewing compliance as a project that can be completed and then considered "finished." While painful, complying with regulations should be viewed as an opportunity to improve common business processes and not just an ongoing cost to the business. Securing compliance for only one regulation, such as Sarbanes-Oxley or HIPAA, will cause your costs to continue to grow as each new regulation is delivered over the years. To help limit the risk and cost, proactive ECM strategies must be developed within key areas, such as records management and business process management. This means ensuring that the proper business practices are followed and that content is properly captured, stored, managed, and disposed of at the appropriate and legal time in its lifecycle.

Developing a compliance initiative properly will tap many areas of expertise, particularly legal, IT, and records management, all in support of the overall business objectives of the organization. Individuals from each of these areas must contribute their knowledge and perspectives to ensure the benefits of a sound compliance program. While compliance is not always a technology problem, information technology and the massive growth of unstructured content contribute to corporate exposure. The tools of ECM, properly used, can help reduce the overall cost of compliance to the business.

Since the Enron scandal, public companies are mandated to abide by the Sarbanes-Oxley Act of 2002 (SOX). Because there are numerous sections of SOX touching a variety of departments and business units, companies will need to develop various methods to ensure compliance with all components. It is advised that companies utilize technology with enterprise content management (ECM) functionality to enable them to:

  • Retain, retrieve and distribute control-related documents
  • Automate and strengthen internal control processes that are deemed to be manually intensive and weak from a control perspective
  • Facilitate the actual process of documenting and testing the internal controls, with a flexible, SOX-specific solution
  • Automate numerous compliance and audit processes
  • Allow for ease of document retention, document retrievability and a solid audit trail

Even though only the larger, publicly traded companies are actually required to comply with SOX, many organizations are taking the opportunity to take one step or another to develop best practices and improve their risk management capabilities and internal control processes. Whether out of a legal need for compliance or just to be safe, Sarbanes-Oxley is driving many initiatives across many organizations.

In addition to SOX, there are more than 45 federal and state document management regulations in place, cutting across most industries in the United States. Those regulations are both horizontal and vertical in nature. For instance, SOX and SEC 17-A are horizontal — addressing common compliance issues across many vertical industries. In contrast, FDA 21 CFR Part 11 and the Gramm-Leach-Bliley Act (GLBA) address document management regulations in the life sciences and banking verticals respectively. Although each regulation differs in what type of data is to be protected, each delivers a common message: Companies must protect their data.