DCI... Business Focused IT

Regulatory Compliance

There seem to be more regulations to address every day, and just when you finish complying with them, lawmakers change the rules. SOX, HIPAA, GLBA, Basel II, EU DPD — the list can seem daunting. Businesses in nearly every industry face many issues, regulations and pending legislation affecting how business is conducted. Organizations can’t afford to respond to each regulation with a labor- and cost-intensive one-off process. They need to adopt a strategic architecture that maximizes their investments and limits the cost of a new regulation or change to a law and associated reporting requirements.

But despite the acronyms and increasingly complex global regulatory environment, regulations generally share some traits that can be leveraged to reduce the compliance and associated operational burdens. Organizations that strongly manage process and controls through a compliance architecture can quickly and easily reduce individual regulatory impact. Best-practice-based compliance architectures address this by leveraging the underlying technology architecture to better document and, when needed, change the business process.

By reducing different regulations to their core, we can identify areas of maximum overlap and reduce expenditures. While compliance management won’t solve all of your regulatory headaches, it helps in three significant ways:

  • Improves understanding of operational business processes, and allows for enforcement, monitoring and testing.
  • Provides documentation and tracking over time.
  • Produces reporting as a by-product of the documentation effort.

The goal of a compliance architecture is simply to implement controls that manage, document and ensure compliance. These controls can either prevent undesired events or detect undesired events. A compliance architecture supports the integration of controls into an organization by centralizing technology controls as appropriate and using technology to help enforce process controls. Some examples of technology controls include:

Protective

  • Authentication
  • Access Controls
  • Authorization

Detective

  • Alarms
  • Audit Logs

The foundation of our compliance architecture solution is solid security and business continuity planning practices, information and document life cycle management, and business process management. By building upon and standardizing this foundation, adding business intelligence and a compliance tool for reporting, organizations can deploy a solid compliance strategy, architecture and environment.