Systems for Managing Compliance
A key factor in many of these products is in their integration with the other compliance-oriented products that rely on them, which is probably why weve seen partnerships and even mergers and acquisitions in many of these areas (such as EMCs acquisition of Documentum). Content ManagementTo a large degree, many of the regulatory requirements that companies must adhere to break down to management and tracking of key corporate documents and records. Given this, its no surprise that products that deal with document, content and rights management play a big role when it comes to dealing with compliance.The main goal of an enterprise content management solution is to effectively manage and track the creation, sharing and archiving of documents and content within an organization. By the very nature of their design, enterprise content management solutions are effective tools for handling compliance issues, even if they have no specific built-in features for compliance. Of course, enterprise content management vendors have been listening to their customers and have added plenty of features and custom modules to help companies manage compliance issues within a content management framework. In fact, one of the first dedicated SarbOx applications that we looked at—OpenPages SOX Express—was essentially built on a document management model. As enterprise content management has increased in profile in recent years, its applicability to compliance issues has only increased. Indeed, the increased integration of business process management products and capabilities within enterprise content management platforms has made it possible to enforce compliance requirements not only on documents but also on the actual business flows that create them. As in many other product areas that touch on compliance, enterprise and document management products often will include templates or modules to help businesses deal with a specific compliance area. In our experience, these templates vary in their ability to be applied out of the box, but they do tend to serve as a good starting point in developing your own policies. Weve noted that solutions from major enterprise content management players such as EMC Documentum, FileNet and OpenText tend to provide lots of compliance-related capabilities. However, lower-end systems, such as the Xythos Document Management suite that we reviewed last year, will also aid in compliance. In addition, rights management systems such as Adobe Systems LiveCycle and Microsofts RMS (Rights Management Services) make it possible to apply fine-grained controls over access to documents. E-Mail and Collaboration Management As many companies have found to their dismay, not all vital corporate communications are done in documents and forms. When it comes to many government regulations, one of the main danger points is in the company e-mail system. A good e-mail management and security platform can go a long way toward limiting the likelihood of a compliance violation through an errant or a malicious e-mail. Along with the ability to stop spam and viruses, many e-mail security platforms include the ability to scan e-mail for specific content—content that your company may not want to go to the outside world. E-mail management systems can be easily geared to work with both industry and government regulations, as well as with a companys own governance initiatives. These tools let businesses track e-mail messages, see what is being circulated both internally and externally, and even prevent messages with certain words or attachments from being sent externally. Any good e-mail management and security system will provide content-level controls over outgoing e-mail, but two of the best that weve seen in recent years are SendMail Mailstream Content Manager (an eWEEK Excellence Awards winner) and Orchestria Active Policy Management (an eWEEK Labs Analysts Choice). Both products give messaging administrators and compliance personnel the tools to ensure that workers are adhering to company communications policies. ID Management and Authentication One of the scariest elements of regulatory compliance for many companies is when auditors show up to check on procedures and security. Having to walk auditors through a complex authentication, system-security and password-management protocol is the very definition of a bad day for any administrator. Next Page: Assuring secure compliance.