New regulations, the threat of litigation and the uncertain costs of compliance place company record-keeping, content and data management practices under unprecedented scrutiny. Organizations today are required to meet a growing body of regulations set up to assure corporate accountability.
Evaluating your records management policy in this new era of accountability is critical in order to achieve compliance with government regulations, such as the Sarbanes-Oxley Act of 2002, SEC 17a, NASD 3010, and the U.K. Data Protection Act, as well as with corporate policies or industry standards. As we have seen, companies who do not comply face dire consequences.
An Integrated Approach to Compliance
Is your organization prepared to overcome the risks of non-compliance and manage the operational costs of retaining, accessing and archiving records? An integrated compliance framework and a policy-based program of records retention, supported by technology that can properly classify and archive all records, can help you mitigate risks and prepare for the future.
The approach followed must be proven and methodical—however, the most critical aspect of any compliance initiative is to ensure that the solution not only meets the organization’s existing compliance needs, but that it is sustainable and serves as a platform to meet evolving regulations and statutes over time. Regulations may change, but they will not disappear. An integrated compliance framework should be based on a “best of breed” architecture that will minimize the pain of transition and leverage common policies, content and applications for compliance.
Managing Risks and Exposures
As you develop your approach to compliance, consider the regulatory environment, timeframe for compliance, the process controls needed to achieve compliance and evaluate the people, process and technology risks and exposures. While penalties stemming from non-compliance are enforced at the executive level, every employee is an information custodian. Corporate policies and procedures must be communicated, monitored and measured. The tasks of compliance should be automated to reduce the potential for human error, and integrated to minimally impact the daily routines of employees. Most importantly, the people responsible for active declaration of financial records, audit records, proposals, pricing, etc., must have the right tools and training. How can you minimize the risks and exposures? Develop a content-based records management solution that provides:
- Consistency: Demonstrate that policies are consistently applied across the enterprise;
- Capture: Ensure that all items deemed as records are captured and managed;
- Accessibility: Provide high-performance search, retrieval and presentation functionality and deliver all information quickly—regardless of format;
- Completeness: Capture and preserve the original content, context and structure of information;
- Integrity: Ensure records are protected against alteration or deletion;
- Auditability: Generate audit trails and reports detailing user access;
- Retention: Enforce retention requirements and policies—retaining items for as long as necessary, but no longer;
- Destruction: Expunge records completely so as to prevent any reconstruction;
- Continuity and Recovery: Build in redundancy to protect assets and guarantee operational continuity;
- Authenticity: Provide records that are verifiably accurate and reliable; and
- Official Copy: Have one “official copy” of records, with copies governed by different business rules.
The Need for Common Content Infrastructure
To support this comprehensive approach, you must define what constitutes a “record series” based on content, and establish rules for how records are captured and stored . The critical success factor is a common content infrastructure that lets you see how records are related, and enables easy retrieval to support discovery.
A common content infrastructure has the following features1:
1. A universal content repository supporting common search and access control across all information types—paper and microfilm, images, revisable documents and e-mail, common retrieval for all electronic types and an audit log of all actions on stored content objects.
2. A standards-compliant records management application (RMA), tightly integrated with the repository user interface and workflow, providing file-plan management, record classification and enforced retention management.
3. Enterprise content management (ECM) software, for a scalable solution for the creation, version control, workflow, security and lifecycle management of all content types and to achieve consistency across content types and sources.
Bottom Line There are no magic bullets. But to be successful, you need a content-based records management plan, which mitigates the people, process and technology risks and exposures. The best approach is to partner with a cross-functional team that provides both products and services, such as EMC Corporation and Fujitsu Consulting.
EMC provides a complete information lifecycle management solution for compliance: the combination of Documentum Records Manager with the Documentum ECM platform and storage provides an end-to-end solution for content creation, version control, security, archiving and storage. Documentum Records Manager provides formal records management procedures for the classification, declaration, retention and disposition of records, while Legato EmailXtender archives and manages e-mail messages. Documentum Content Intelligence Services (CIS) allows actionable metadata from new or existing records to be automatically identified, automating and controlling the tagging and categorization of all record types.
Fujitsu Consulting brings business and consulting expertise in the area of compliance management and integrates EMC’s applications for end-to-end compliance.
As a first step toward compliance, Fujitsu Consulting will conduct an interactive review and assessment of your records and content management technologies and business activities. This assessment will include your key stakeholders to identify the enterprise’s desired end-state, uncover potential risks and provide you with specific recommendations to include in your compliance approach.
1 Bruce Silver Associates Industry Trend Report, “Answering the Call for Enterprise Records Management,” May 2003
About Documentum Software from EMC
Documentum software from EMC Corporation includes enterprise content management (ECM) solutions that enable organizations to unite teams, content and associated business processes. With a single platform, EMC Documentum software enables people to collaboratively create, manage, deliver and archive the content that drives business operations, from documents and discussions to email, Web pages, records and rich media.
For more information, visit Documentum.
About Fujitsu Consulting
A trusted provider of management and technology consulting, Fujitsu Consulting is the North American services arm of the 45 billon-dollar Fujitsu Group. Fujitsu Consulting integrates the core expertise of Fujitsu companies and partners to deliver complete solutions that drive business value. For more information, visit:Fujitsu Consulting or send an email to firstname.lastname@example.org