What you don't know about compliance and its impact on Information Lifecycle Management.

Many comparisons have been made between the Sarbanes-Oxley regulatory requirements and Y2K. The effect on the technology industry (and the resulting reaction from the business community at large) has striking parallels ranging from the infusion of IT spending to the paranoia and knee-jerk reactions many companies are exhibiting as they desperately seek compliance. While the similarities to Y2K are apparent, what is prominently different is that there is not an end date where companies will survive or fail based on their business acumen and the investment applied toward becoming compliant. This is a race without a finish line.

Even more unsettling is the degree to which there is not a checklist or fail-safe way to know if a company is compliant or not. Sarbanes-Oxley has been a catalyst for positive behavior, yet it is riddled with nuances open to interpretation that may only be vetted in a court of law when it is already too late. What is required in terms of a compliance solution must take into account how each company does business and include a thorough review and subsequent identification of what is affected. This information can be utilized to perform a risk analysis to determine the potential impact if compliance is not achieved (because of complexity, cost or simply poor decision-making).

New companies have been created who have specialty products to address the various sections of Sarbanes-Oxley and other regulations. Cottage industries are likely to be born from these new regulations in order to dissect and decipher the complexities of compliance. Established companies have repackaged existing products with a sexier Sarbanes-Oxley label in order to be more relevant--and capitalize on--the willingness to spend money to become compliant. Interestingly, it is the legal departments (not the IT departments) that are opening their purses.

The timing of this legislation could not have been better for the technology industry--an industry that is in dire need of a jump-start in spending. In a flat economy where companies are striving to reduce excess spending and maximize system efficiencies, suddenly there is a strong call-to-action to become compliant or else run the risk of being the next high profile offender along the lines of Enron and WorldCom, among others.

[FIGURE 1 OMITTED]

The concept drawing attention as the means to the end here is Information Lifecycle Management (ILM). However, it is important to note that the premise behind ILM is not new. Companies have been managing the lifecycle of their data for years, whether that means backing it up, migrating it to tape, or whatever context is being considered for retention. Fundamentally, the question that needs to get answered is: What technologies will allow a company to cost effectively store, manage, protect and retain data when access and availability requirements change over time?

The Catalyst

Sarbanes-Oxley created a cause and effect among global companies, mandating an immediate call to action that has been unparalleled. Yet most companies are--and will continue to be--good corporate citizens who operate within the rules and who do not make liberal assumptions about how to bend the law. Regrettably, the landscape has changed dramatically in today's post-Enron business climate.
Not only has Sarbanes-Oxley been a catalyst in IT spending, it has influenced a degree of overspending of epic proportions. In desperation, companies are investing inordinate amounts of resources in order to achieve compliance by next year's government-imposed deadline of June 15th. According to technology advisory firm AMR, companies will spend $2.5 billion on Sarbanes-Oxley compliance projects this year alone. For the IT sector, this is the best news since the dot-com bubble.

Very Few Companies Are in It for the Long Haul

Yet despite the immediate and severe actions that companies are taking to achieve compliance, it is remarkable how shortsighted most companies are as they make their investments in new IT infrastructures.

While e-mail and instant messaging are the two primary targets for new controls, these communication channels are only the tip of the iceberg; archiving demands will only continue to increase and additional safeguards will be required to verify and authenticate original e-mails, recipient lists, time of delivery, return receipt and a host of other considerations. Companies will be forced to use an e-mail client that is deemed secure--and may perhaps be unable to communicate with e-mail clients that don't meet this requirement, greatly impacting interaction with outside vendors and contractors.

Very few companies are planning today for what might prompt the next wave of regulatory requirements. While many companies are making investments in storage and retention products, few are exploring the benefits of profiling or the concept that not all data is created equally. Having the capability to store volumes of e-mail is only half of the battle; being able to set policies in order to index and find relevant data within acceptable time periods is an equally important consideration that far fewer companies (or technology vendors) are considering when making large investments in IT to meet today's regulatory requirements.

Since the length of time data needs to be stored is ambiguous, companies will need to find cost-effective ways to store data on formats that will not become obsolete in the near future. Saving important material on the 8-track tape player of tomorrow is futile.
While there are no easy answers (or crystal balls) to predict the staying power of storage mediums, companies are wise to at least consider how they will migrate, retain and update data over time in order to meet these new regulatory requirements.

Depending on the format in which data is archived, long-term data retention may also create massive issues regarding the upgrade and replacement of application software. If your new secure client e-mail application stores its data in a proprietary format, the application will need to be archived along with its data. Each application upgrade needs to be checked to confirm it can interpret every previous version's data format. When the application or its runtime platform is eventually retired, procedures need to be in place to maintain a licensed, executable, archival copy of the application indefinitely.

Lastly, companies should look for technology solutions that have heterogeneous management capabilities. Digital content management is analogous to the challenges of managing multiple OS environments, and most IT professionals would turn the other way if offered a proprietary solution. The same approach should be used when making investments in achieving regulatory compliance.

The Human Side of Investing in IT and Achieving Compliance

CIOs frequently cite the cost of ownership and return on investment as two primary areas of focus (and often the cause of sleepless nights). But in addressing the complex demands of Sarbanes-Oxley, focusing efforts on building a solid IT infrastructure is only half of the equation. Ultimately, the employees who use these tools and resources need to be educated, trained and accountable for their actions. Yet most of the attention has been placed on the new applications and infrastructure required to meet compliance and not on the people (and actual users) behind the technology.
How many companies have aligned their human resources and information technology departments? How many employees have been informed about the changes taking place in their organizations and their role in contributing to compliance? Many of the recent high-profile corporate failures have been the result of a few very reckless individuals. Some were willing participants, while others may have just been careless. The integration between IT and HR is an integral component and byproduct of Sarbanes-Oxley that has the possibility of being overlooked by tragic proportions.

A New World Order

Sarbanes-Oxley, despite all of its nuances and ambiguities, is an important piece of legislation that will reward good corporate citizens and punish its offenders. It will likely be an evolving piece of legislation that is modified and adapted over time in order to be robust and error-free, to the best of its ability. While today's business climate is reactionary and slightly paranoid, Sarbanes-Oxley is intended to target those who work in violation of regulations and not punish those who make a simple mistake.

Most companies take precautions to run their businesses ethically. Those who are in the process of updating their systems would benefit from a few simple steps:

* Look for solutions that have heterogeneous management capabilities. Don't fall prey to a lock-box solution and become beholden to a sole technology vendor who may not have a sustainable value proposition.

* Partner with companies who offer strong professional service capabilities in order to integrate information technology with business processes.

* Make today's IT investment scalable to meet tomorrow's requirements. The architecture should have the breadth and flexibility to include future applications.

While it is easy to take a short-term view to addressing today's Sarbanes-Oxley requirements, smart companies will remember to keep a long-term strategy in mind when making IT investments. The Y2K problem may seem like a distant memory today, but after Sarbanes-Oxley and other regulatory requirements begin to arise, there will be new IT issues to be addressed. Plan accordingly.

Chris Wood
(Santa Clara, CA) www.sun.com