
Regulatory Compliance: Utilizing Software
to its Fullest Potential

by Diane Hage
Software Sales Manager
Datatrend Technologies



Sarbanes-Oxley, HIPAA, the USA Patriot Act, SEC, NYSE and NASD regulations, e-mail rules, the Gramm-Leach-Bliley Act: each one requires businesses to be compliant and able to meet nationally set standards, including information access, information sharing, and information retrieval. Gone are the days of merely dragging out boxes of paperwork to serve as proof of a transaction, dialogue, or participation in an activity. Today’s businesses are expected to be electronically compliant and able to access content, both documents and data, over a multi-year time period. Such compliance requires new ways of storing information, a larger storage infrastructure, and the right set of middleware and software management tools to help the process.

Companies today are struggling to understand this new responsibility, but it is being discussed at the highest corporate level. E-mail and records can be subpoenaed, and executives in public corporations can be held accountable. CIOs are looking for industrial-strength solutions, not point solutions, all while the clock is ticking and the costs of this compliance are unknown.

Compliance is truly an enterprise-wide concern, across industries, and includes national and industry focused regulations.  Following is a quick overview of the various regulatory compliances in place today:

Regulated Products and Services:

  • Life Science:   CGMP, Part 11 and eSubmissions
  • Health Care:   HIPAA
  • Financial Services:   SOX, Sect 802, email Archive & Records Retention (17a-b)
  • Manufacturing:   EPA, Consumer Protection and DOD5015.2 

Corporate Governance:

  • Financial Compliance:   Internal Controls, SOX 404
  • Human Resources & Legal:   OSHA, DED, and Document retention policies 

Operational Excellence:

  • ISO, Six Sigma

Compliance can touch every area of a business, and if you don’t have someone in charge of records/compliance management, you probably soon will have. That person will need to be focused on:

  • What lines of business and processes are subject to compliance/regulations?
  • What are the reporting requirements and when are the deadlines?
  • What sources of information are required?
  • How long is retention required?
  • How are we monitoring compliance?
  • What IT systems are in place to monitor compliance?
  • What are the operational costs of complying?
  • How will we audit our compliance position?


How long are records expected to be retained and, more importantly, to remain accessible? That depends. HIPAA expects hospital medical records to be kept for a minimum of 5 years, the records of a child for up to 21 years, and full patient records perhaps for the patient’s lifetime.

In the area of manufacturing/Life Sciences, records are expected to be retained for a minimum of 2-5 years, depending on whether it is food, drug, or biological manufacturing.

And the SEC 17a-4 mandates that e-mails and financial statements be kept a minimum of 3 years, while trading account records should be kept a minimum of 8 years, or perhaps the full life of the account.

The laws are, in many cases, still being written, and definitions of how much to keep, in what format, for how long, and what the penalty would be are, in many instances, a work in progress. What is sure is that the penalties are large and have been dealt to some of the largest offenders, forcing CFOs to take this compliance issue rather seriously. According to an IBM survey taken in 2003, only 1 in 10 CFOs and financial executives view their internal controls as compliant with Section 404 (the section designed to provide greater assurance to shareholders regarding a company’s internal controls).

The majority of businesses who will be affected by Sarbanes Oxley are choosing to use this need to comply (the first deadline is mid-year 2004) as a time to review their complete systems, looking for ways to streamline systems and improve real-time business process efficiency. 


“The Sarbanes-Oxley Act is forcing organizations to rethink basic business procedures, providing an opportunity for companies to improve business capabilities, create transparent and standardized data systems, and improve real-time business process efficiency.”
                                                - Susanne Rushka-Taylor, BCS Consultant. 


What tools and middleware solutions can help you in your process? From IBM, Lotus Workplace for Business Controls and Reporting is a web-based, collaborative solution specifically designed to help publicly traded companies automate significant aspects of their business controls framework in response to the internal controls requirements under Section 404 of Sarbanes-Oxley.

Financial firms that create investment reports affecting investor decisions worth millions of dollars need to look for more efficient ways to improve their research productivity and information access and to reuse their research materials, while quickly delivering those reports to key customers. A new offering from IBM, called the DB2 Content Manager Solution for Research Compliance, offers compliance with NASD 2711/NYSE Rule 472 and also provides the ability to track and review research throughout its cycle, work with varied input/content, and handle complex document management requirements.

Companies today, whether through merger & acquisition or through internal “habits”, often have diverse databases (structured, e.g., Oracle, SQL, DB2) or content (non-structured, e.g., Web info, XML, images, sound) in use throughout their firms. By working with an Information Integrator for Data or Content, your firm can work from a federated data approach while still accessing various data in their native format.

And what about saving e-mail?   
Whether your e-mail choice is Exchange or Lotus Domino, there is a CommonStore offering which will allow you to manage e-mail archiving and retrieval and reduce your storage costs, while providing security and auditability for your organization. If you use SAP, there is even a CommonStore for SAP to handle that format.

Your IT infrastructure will be affected, and your storage options may change as well. Is the information you need to retain needed on-line, where the requirement is fast retrieval for selected people/departments; near-line, where the need is for high-capacity, low-cost storage with fast write capability; or archive, where you need permanent media, yet with quick random access?

The challenges that businesses face today involve the need to be compliant, improve business efficiencies, and manage an ever-growing and divergent compilation of records, structured and unstructured data and “content”, as well as information integration, access and retrieval.   All in a timely fashion.  All within guidelines, easily provable, and from a business perspective, affordable. 

Trust that you can call on Datatrend, and within our internal resources and external partners, we will have the wherewithal to listen to your needs, and work with you to build a compliance plan to suit your needs. 


Datatrend's TrendSetter eNewsletter
January 15, 2004