Author: Alfredo DeVanna, Vice President & Managing Director
The Situation
The need to comply with a slew of state, federal and industry-specific regulatory requirements is forcing many companies to re-evaluate their processes for managing enterprise content.
Over the past several years, mandates such as Sarbanes-Oxley (SOX), the Gramm- Leach Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Patriot Act and the FDA’s 21 CFR 11 rules have all imposed strict reporting requirements on enterprises.
Traditional records management systems that are focused largely on physical documents such as paper and tape have proven to be largely inadequate to meet the requirements imposed by such mandates. As a result, there has been a growing interest in applying enterprise content management technologies (ECM) and principles to address the compliance challenge.
ECM can help
ECM systems, by definition are designed to help companies manage vast amounts of unstructured data scattered about in distributed data stores, e-mail, word processing documents, spreadsheets and numerous other file formats.
The technology can help companies achieve centralized control of enterprise content and greatly improve the manner in which content is produced stored, archived, distributed, reproduced, shared and destroyed. From a compliance standpoint such attributes are crucial.
ECM tools allow companies to quickly discover, retrieve and compile the information they need to meet their compliance reporting obligations. ECM systems can help enterprises track and control document access and revisions and enable them to adhere to prescribed document retention, archiving and destruction schedules.
Perhaps most importantly, ECM tools can help business sift through enterprise content and identify only the data that needs to be protected from a compliance standpoint, thereby eliminating costs involved in managing too much information.
A good content management system can enable better e-discovery processes, and help companies build efficient digital content inventories over which they can exercise centralized control.
ECM for Health Care
The advantages of such control are enormous. With a regulation such as HIPAA for instance, all entities that maintain or transmit protected health information are required to implement strict security and privacy controls around the data.
Implementing an ECM suite can help covered entities exercise greater control over user access to protected health information (PHI) as they are required to under HIPAA. ECM systems can also help healthcare entities track all disclosures of PHI and establish the needed audit trails for tracking document history and document revisions.
ECM for Financial Services Companies
ECM systems can similarly help financial services companies comply with the requirements of GLBA. Under the Act’s financial privacy rule, all covered entities are required to provide customers with a notice detailing their privacy policies.
In this case, ECM tools can simplify the document distribution process, and log every customer notice that is sent for reporting and auditing purposes.
ECM for Publicly Traded Companies
Few regulations however, exemplify the need for enterprise content management techniques more than the SOX act. Under SOX, all publicly traded corporations above a certain size are required to establish and maintain tight control over financial documents.
They are also required to show how financial reports were created, and who accessed and modified those reports. As part of their SOX compliance requirements, enterprises need to be able to identify where errors or fraud could arise as a result of their accounting practices and requires executives to sign off on all financial reports.
The extensive document management requirements that are inherently built into the rule make ECM a no-brainer as far as SOX compliance is concerned.
About the Author
Alfredo DeVanna, is Vice President Solutions Architect and a Managing Partner at Yakidoo. He has over 10 years of international experience deploying over 80 critical information technology and enterprise content management systems. He is fluent in English and Spanish.
.jpg)
{ 5 trackbacks }
{ 0 comments… add one now }