Enterprise Content Management:
Supporting Compliance Efforts with Enterprise Change Management

Column published in DM Review Magazine, December 2003 Issue
By Dan Sullivan

The Sarbanes-Oxley Act is getting quite a bit of press these days. White papers from information technology (IT) vendors argue that document management, portals and even extract, transform and load (ETL) tools are integral parts of complying with the financial disclosure act. Certainly these and other applications can help with compliance, but they are not enough. Meeting regulations of Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), FDA regulation 21 CFR Part 11, Gramm-Leach-Bliley or other regulations that dictate controls on enterprise information requires comprehensive processes for tracking and managing change.

Getting a handle on compliance is an enterprise-scale challenge. Regulations can describe a logical object such as "protected health information" that spans multiple data sources and is subject to a range of processes. How can you manage such amorphous entities? The first step is to understand the problem from an organizational perspective.

As compliance expert Donna J. Edwards of Tenax Corporation noted, "There is often lack of understanding between IT, legal and/or compliance and upper management of the pertinent compliance issues and the corresponding technical resolutions." Clearly, we need a way to describe both the business and technical aspects in a single model.

The emerging practice of enterprise change management (ECM) offers a framework for processes that supports compliance from both business and technical perspectives. ECM models consist of: assets, dependencies, workflows, policies and roles.

Assets are objects subject to management rules. Examples include servers, network infrastructure, custom applications, customer information, patient records and audit records. As varied as they are, assets have several common characteristics. First, we can isolate and identify specific assets such as "PortalServer1" and Jane Smith's customer profile in a customer relationship management (CRM) system. Second, assets change over time. Applications are upgraded, documents are revised and data is changed. Finally, assets depend on other assets.

To effectively control and audit assets, especially information assets, we need to understand the role of other assets in their life cycle. If a regulation requires access controls on information (an asset), then we depend on security within a host application (another asset). When confidential information is moved beyond a firewall, we might depend on virtual private networks to encrypt and protect the confidentiality of the data. Protecting assets across an integrated enterprise requires clear understanding of all systems that manipulate an asset and the role those systems play in maintaining the integrity of assets.

Assets, especially information assets, are dynamic, and meeting regulations often requires demonstrating control over the changes in an asset. For example, to demonstrate compliance with a regulation, we might need to show how any change to a record is tracked for auditing. This would require identifying all applications that can change a record, including the source system that maintains the original data, data cleansing tools that correct errors and application integration tools that copy and reformat data for other applications. ECM models include workflows that describe a starting point for a process (e.g., create a customer record), transition rules for moving to another point (e.g., changing the credit limit of a customer) and end points (e.g., archiving records of a closed account). Workflows describe how compliance regulations are met. Policies dictate what is to be done within those workflows.

Policies play a central role in enterprise change management and can have similar prominence in regulation compliance. Policies are rules that govern how assets are changed, who can change them and what workflows are relevant to particular assets. Policies are the operational guidelines that describe how to meet compliance requirements. Typically, policies make specific reference to asset types, operations on those assets and roles of those who perform those operations.

Roles, the final component of ECM models, are assigned to groups or individuals who perform particular actions or workflows. Policies and workflows use roles to specify who is allowed to perform specific processes.

Compliance has always been an issue in many industries. Today, the breadth of regulations requires organizations to have much tighter control on their processes, including enterprise content management. In some cases, compliance is not enough; you have to be able to prove you are in compliance. Using a methodical strategy based on the principles of ECM is one approach to the problem. With an emphasis on modeling assets, dependencies, workflows, policies and roles, ECM provides a foundation from which you can build a compliance infrastructure.

For more on ECM, please see my e-book, The Definitive Guide to Enterprise Change Management, at www.merant.com/campaign/ebook, especially Chapter 2: "Examining the Nature of Enterprise Change."


Dan Sullivan is president of the Ballston Group and author of Proven Portals: Best Practices in Enterprise Portals (Addison Wesley, 2003). Sullivan may be reached at dsullivan@ballstongroup.com.
