By Julie Rahal
Regulatory compliance has hit the IT market with remarkable fury. Compliance is the new buzzword, and software, hardware and services companies are trying to capitalize on the window of opportunity. But what is the true opportunity for content technology vendors and what role will software such as content management, document management, records management, and search and retrieval play as organizations address compliance?
The introduction of regulations such as Sarbanes-Oxley, HIPAA and SEC 17A-4 is forcing organizations across several industries to pay attention to the information and processes within them. As companies focus more on the issue, technology will become a key part of strategic compliance initiatives to ensure sustainability of processes, mitigate risk and manage ongoing costs.
Regulatory compliance is perhaps the biggest change and newest driver for adoption of content technologies. The need to integrate, access, analyze, store and ensure the integrity of information has always existed, but that need has significantly increased with the stiff requirements and penalties inherent in the regulations. Therein lays the opportunity for content technology vendors. The business process assessment and redesign fueled by compliance will wash over and expand into a broader and more general content-related business process and content technology reassessment. That, in turn, will push demand for future content technology.
However, it is still early in the spending cycle for actual compliance-related purchasing. In terms of implementing technology to help comply with government regulations, IDC survey results indicate that more than 50% of companies are in the education and planning stages, while only 12% are investing in technology for compliance. Companies are taking time to step back, educate themselves on the regulations that affect their business and then determine the best strategy for moving forward. With over half of companies still in the pre-buying phase, content technology vendors are in a great position to educate the marketplace on how their software offerings can help automate key compliance-related processes, while reducing the associated costs.
IDC survey results also show that there will be an uptake in compliance-related investments in content technologies within the next 12 months. Compliance is a people and process problem first, then a technology problem. Take Sarbanes-Oxley, for example; most companies are struggling through the first round of Section 404 compliance by throwing people and services at the problem. Many times the only technology that is being used are tools from the audit firms, Microsoft Word and Excel. However, after companies complete the process the first time and realize how time-intensive and costly it is, they will turn to technology to help make the processes more efficient, more sustainable and less expensive. Because of that, current investment has been predominantly in the services area, with some additional spending on storage and security technologies.
But data suggests that as we look at plans to invest in the next 12 months, the focus shifts to software that manages and organizes unstructured information in the enterprise, as well as the workflow and process associated with compliance, such as content and document management software and business process management software. Then as we look even further out in time to implementation plans beyond 12 months, planned investments will extend to include applications such as records management applications, digital rights management and business performance management.
The Compliance Landscape chart represents the compliance landscape. Across the top are eight regulations that IDC has identified as being information-intensive. Many of the regulations have common denominators around three areas:
1. ensuring the integrity of both information and processes,
2. mandating record retention policies, and
3. ensuring privacy of information.
Down the left-hand column are several technology areas that all play a role in addressing compliance in an enterprise. Two key ones regarding the compliance landscape need to be addressed:
- Companies are not dealing with a lone regulation in a vacuum. Many companies are struggling with complying with more than one regulation at a time. A public pharmaceutical company, for example, is dealing with 21 CFR Part 11 and Sarbanes-Oxley. And a financial services company is plagued by SEC 17A-4, the Graham-Leach Bliley Act and, if it is public, Sarbanes-Oxley.
- No one piece of software can solve all of an organization's compliance problems. It takes several types of technologies from the infrastructure layer up to the applications layer to automate end-to-end corporate compliance.
Organizations should implement technology that can be leveraged across the legislative areas and also provide them with longer-term business benefits such as improved business processes, daily operations and decision-making tools. To achieve those goals, IDC feels that a compliance infrastructure is emerging.
Content technologies are a part of two essential pieces of the compliance infrastructure: information management and information access. A key piece of the information management segment is content management and document management software. That software addresses the documentation and process management of regulatory compliance. It manages critical unstructured information through a controlled life cycle including content authoring, review, editing, approval and distribution. Additionally, records management software plays a role and is emerging as a critical piece of that architecture. Records management software enforces business rules and records retention policies and manages the retention of the records through archiving and destruction. Those retention schedules and business polices are then carried out in the underlying data retention and storage layer.
The information access piece is also critical and often overlooked. What good does it do to manage information if there isn’t a reliable way to get it out? Included in this segment are content access tools, which include search and retrieval, text mining, classification and natural language processors. Those technologies provide search, classification and information discovery. They also enable companies to monitor and analyze large amounts of information that is contained in sources such as e-mail.
So, to return to the question posed in the title of this article, content technologies play a critical and much needed role in regulatory compliance. When technology is implemented to support key compliance initiatives, the selected solutions should be considered in terms of their impact on increasing the strategic use of information or optimizing business processes. Content technologies allow organizations to not only comply, but strategically manage information assets. Achieving broader goals through compliance-driven initiatives will clearly pave the way for organizations to achieve competitive advantage.
Julie Rahal is a research analyst, Document and Records Management Software, IDC (idc.com), e-mail firstname.lastname@example.org