The Future of Compliance

Reviews

Shared by: rraul

Tags

The Future of Compliance, Compliance Assistance, compliance requirements, Compliance Issues, compliance costs, Risk Assessment, Climate Change, FY 2000, applicable requirements, financial integrity

Stats

views:: 22
rating:: not rated
reviews:: 0
posted:: 11/7/2008
language:
pages:: 0

Public Domain

The Future of Compliance: Pervasive, Not Invasive. Andrew Chapman Director - Compliance Application Group EMC Content Management & Archiving Products • • • • • • • • • • • • • • • • • • • • • • • • • Top 1000 Reasons to Implement Compliant-ECM • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Save Money • • • • • • • • • • • • • • • • • • • • • • • • Top 1000 Reasons to Implement Compliant-ECM • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Top 1000 Reasons to Implement Compliant-ECM • Save Money • Make Money • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Save Money • Make Money • Stay Out of Jail • • • • • • • • • • • • • • • • • • • • • • Top 1000 Reasons to Implement Compliant-ECM • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Save Money • Make Money • Stay Out of Jail • • • • • • • • • • • • • • • • • • • • • • Top 1000 Reasons to Implement Compliant-ECM • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Save Money • Make Money • Stay Out of Jail • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Save Money • Make Money • Stay Out of Jail • • • • • • • • • • • • • • • • • • • • • • Top 1000 Reasons to Implement Compliant-ECM • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Save Money • Make Money • Stay Out of Jail • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Objective Compliance is one of the most dynamic and complex areas of business today due to the fact that, as a solution it affects a number of different and disparate departments, groups and users across the enterprise. Objective Compliance is one of the most dynamic and complex areas of business today due to the ALL fact that, as a solution it affects a number of different and disparate departments, groups and users across the enterprise. Objective Compliance is one of the most dynamic and complex areas of business today due to the ALL fact that, as a solution it affects a number of different and disparate departments, groups and users across the enterprise. Q. How do we implement pervasive compliance solutions across an entire enterprise? Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Disposition Process Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Disposition Process Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge Compliance Scope Systems to Integrate Into Native Management Management in Place Federated Management Extract-Transform-Load Data Types To Manage Unmanaged Content Unstructured Content eMail XML Regulations To Enforce Changes To Regulations Regional Differences Managed Content Structured Content Line-oriented Structured Content Page-oriented Structured Content Database Structured Content Compliance Scope Challenge The name of the game is “Divide and Conquer” Divide and conquer (D&C) is an algorithm design that works by recursively breaking down a problem into two or more sub-problems until these become simple enough to be solved directly. 1. Establish the total scope of the problem. 2. Set boundaries between each sub-section. 3. Assess the manageability of each sub-section. 4. Can manage each sub-section? if not, start again… Establish Boundaries Around The Problem… Enterprise Content Subject to Compliance Control Establish Boundaries Around The Problem… Managed Unstructured Content ECM System Sharepoint Custom Custom ? Custom Enterprise Content Subject to Compliance Control ? Establish Boundaries Around The Problem… Unmanaged Unstructured Content Network File Shares Desktops Managed Unstructured Content ECM System Sharepoint Custom Custom ? Custom Enterprise Content Subject to Compliance Control ? Establish Boundaries Around The Problem… Unmanaged Unstructured Content Network File Shares Desktops Managed Unstructured Content ECM System Sharepoint Custom Custom ? Custom Page-Oriented Enterprise Content Subject to Compliance Control Data Database Content Line-oriented Data ETL Structured Content ? Establish Boundaries Around The Problem… Unmanaged Unstructured Content Network File Shares Desktops Managed Unstructured Content ECM System Sharepoint Custom Enterprise Content Subject to Compliance Control Page-Oriented Legacy Data Systems Database Content Other Custom ? Custom ? Other Active Systems Siloed Unstructured Content Line-oriented Data ETL Structured Content Establish Boundaries Around The Problem… Unmanaged Unstructured Content Network File Shares Desktops Common Services Custom Classification Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Data Disposition Systems Database Content Other Custom Managed Unstructured Content ECM System Sharepoint Custom ? ? Other Active Systems Siloed Unstructured Content Line-oriented Data ETL Structured Content The Exception To The Rule. Unmanaged Unstructured Content Network File Shares Managed Unstructured Content ECM System Custom Desktops PST Files Saved to “My Documents” eMails In Sharepoint Repository Common Services Custom Classification Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Data Disposition Systems Database Content Other Custom ? ? Other Active Systems Managed in Place Siloed Unstructured Content Line-oriented ETL for Transactional eMail? Data ETL Structured Content Understand Each Quadrant‟s Pros & Cons Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Unstructured Content ECM System Common Services Classification Custom Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Disposition Data Systems Other ? Custom Network File Shares Desktops Custom ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content Understand Each Quadrant‟s Pros & Cons Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Cons Network File Shares Desktops Pros Users love it! Unstructured Content “Free Range” Convenient Uncontrolled ECM System Non-Invasive Common Services Uncategorized Cheap No Workflow Abilities Classification Custom Easy Administration No Encryption Search Enterprise Content Subject to Compliance Control Where To Discover Policy Enforcement Page-Oriented What To Discover Legacy Disposition Data No Immutability Systems No Controlled Disposition Database Content Viral Structured Content Other Weak Security Other Active No Line-oriented Auditability Systems Data Siloed Unstructured Content ETL Structured Content Custom ? Custom ? Understand Each Quadrant‟s Pros & Cons Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Cons Network File Shares Desktops Pros Controlled Unstructured Content Invasive Categorized Expensive ECM System Workflows/Lifecycles Administration Burden Common Services Encryption Hard To Integrate Into Classification Custom eSignature Support Can Be Overkill Search Enterprise Content Subject to Compliance Control Print/File Control Storage Overhead Policy Enforcement Page-Oriented Controlled Printing Legacy Disposition Data Version Control Systems Rendition Control Database Content Security Structured Content Other Immutability Other Active Line-oriented Controlled Disposition Systems Data Scaleable Siloed Unstructured Content ETL Structured Content Long Term Retention Auditable Custom ? Custom ? Understand Each Quadrant‟s Pros & Cons Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Cons Network File Shares Desktops Pros Non-Invasive Unstructured Content Unstable Unifies Compliance Highly Complex ECM System Common Services Hard To Validate Hard To Maintain Classification Custom Workflow Difficult Search Enterprise Content Subject to Compliance Control No Encryption Policy Enforcement Page-Oriented Security Headache Legacy Disposition Systems Data Database Content Line-oriented Data ETL Structured Content Custom ? Custom ? Other Structured Content Other Active Systems Siloed Unstructured Content Understand Each Quadrant‟s Pros & Cons Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Cons Network File Shares Desktops Pros High Volume Unstructured Content Structured Content Only High Value Data De-normalized ECM System Easy To Categorize Need To Predict Output Common Services Relieves Prod. Systems Needs New Applications Classification Custom RM For DB Data! Search Enterprise Content Subject to Compliance Control Non-Invasive Legacy Systems Other Custom ? Custom Policy Enforcement Disposition Page-Oriented Data ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content C-Level Summary… Unmanaged Unstructured Content Network File Shares Desktops Common Services Classification Search Policy Enforcement Disposition Custom Page-Oriented Data ? Custom Managed Unstructured Content Sharepoint ECM System Custom ? Legacy Systems Other Database Content Other Active Systems Siloed Unstructured Content Line-oriented Data ETL Structured Content Option One - Ignore it… Option Two – Move Content Between Quadrants Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Unstructured Content ECM System Common Services Classification Custom Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Disposition Data Systems Other ? Custom Network File Shares Desktops Custom ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content Option Two – Move Content Between Quadrants Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Unstructured Content ECM System Common Services Classification Custom Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Disposition Data Systems Other ? Custom Network File Shares Desktops Custom ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content Option Two – Move Content Between Quadrants Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Unstructured Content ECM System Common Services Classification Custom Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Disposition Data Systems Other ? Custom Network File Shares Desktops Custom ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content Option Two – Move Content Between Quadrants Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Unstructured Content ECM System Common Services Classification Custom Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Disposition Data Systems Other ? Custom Network File Shares Desktops Custom ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content Option Two – Move Content Between Quadrants Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Unstructured Content ECM System Common Services Classification Custom Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Disposition Data Systems Other ? Custom Network File Shares Desktops Custom ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content Option Three – Address Each Quadrant As A Silo Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Unstructured Content ECM System Common Services Classification Custom Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Disposition Data Systems Other ? Custom Network File Shares Desktops Custom ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content Bring It Together With Common Services Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Unstructured Content ECM System Common Services Classification Custom Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Disposition Data Systems Other ? Custom Network File Shares Desktops Custom ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content Bring It Together With Common Services Unmanaged Unstructured Content Managed Unstructured Content Sharepoint Network File Shares Desktops eDiscovery Unstructured Content ECM System Common Services Custom Classification Custom Search Enterprise Content Subject to Compliance Control Policy Enforcement Page-Oriented Legacy Disposition Data Systems Other ? Custom ? Structured Content Database Content Line-oriented Data Other Active Systems Siloed Unstructured Content ETL Structured Content Records Management Scope Challenge Common Services Classification Search Policy Enforcement Disposition Common Classification Model Unified/Consolidated Search Unified Reporting Common Policy Retention Enforcement Disposition Process eDiscovery Process Unmanaged Unstructured Content Managed Unstructured What We Really Need… Content Network File Shares The Future Sharepoint Unstructured Classification Systems •Desktops Uniform, CentralizedContent Formal, ECM System • A corporate classification plan • Cooperative Systems • Systems designed to work together Custom • Operating System Support for Compliance Enterprise Content Subject to Compliance Control • Support basic RM functionality on the Page-Oriented „desktop‟ Legacy • In-place Database Compliance Data • Systems ETL Intelligent • IT & Compliance Cooperation via Categorization Database Content Structured requirements Content Other • Unify compliance and IT Custom ? Custom ? Other Active Systems Siloed Unstructured Content Line-oriented Data ETL Structured Content Unmanaged Unstructured Content Managed Unstructured What We Really Need… Content Network File Shares Desktops Far In To The Future Sharepoint Unstructured Content “Self Enforcing Compliant Content” ECM System Custom Imagine a world where: • Content enforced compliance not systems Custom • Content owned its own metadata Enterprise Content Subject to Compliance Control • Policies “stuck” to content even when the content left its Page-Oriented Legacy application Data Systems • You could dispose of all copies of a document no matter where they resided Database Content Other ? Custom ? Structured Content Other this is Most of Active possible today using DRM but imagine if this Line-oriented Systems to content… was native Data Siloed Unstructured Content ETL Structured Content Objective Compliance is one of the most dynamic and complex areas of business today due to the ALL fact that, as a solution it affects a number of different and disparate departments, groups and users across the enterprise. Q. How do we implement pervasive compliance solutions across an entire enterprise? Summary Q. How do we implement pervasive compliance solutions across an entire enterprise? 1. 2. 3. 4. 5. 6. 7. Divide and Conquer Move Content to Appropriate Locations Manage In Silos and/or Federate Standardize Categorization Unify Common Services Think eDiscovery Keep it Robust but Simple Contact Information Andrew Chapman Chapman_Andrew@emc.com chapman@nevertalkwhenyoucannod.com http://www.nevertalkwhenyoucannod.com/