IBMs Policy Based Data Management tool is designed to assist people untrained in the intricacies of database management to define complex policies that can then be executed automatically based on the definitions, said Mukesh Mohania, research staff member with the IBM India Research Lab, housed in New Delhis India Institute of Technology.
The tool features two user interfaces: one for business object definition and the other for policy definition. Mohania said the technology will automatically detect any conflicts between the policies while defining them from the desktop, regardless of who is at the controls. The tool then automatically ensures the accurate execution of the business-policy response to the situation, such as database events, transactional events and external events.
Policies executed through the tool can encompass access control for data and proper transmission of data between systems. In addition, the software includes record-retention capabilities including archiving, exporting and importing, as well deletion, insertion, and modification of data.
IBM officials said the tool runs on DB2 and can support any relational database with a simple modification. Future development will allow the product be offered as a toolkit, and also focus on protecting data privacy.
Experts note that the demands of regulatory compliance measures such as the Sarbanes-Oxley Act, HIPAA (Health Insurance Portability and Accountability Act), and the Graham-Leach-Bliley Act are forcing companies to augment records retention practices and procedures.
For Sarbanes-Oxley in particular, a great deal of work still needs to be done in terms of data management, according to a Hackett Group survey released last week that found nearly half of the 22 company survey respondents ignored the importance of IT toward compliance efforts.
"Our sense is that most companies have some handle on [Sarbanes Oxley] regulations and demands," said David Oppenheim, Senior Business Advisor for the Philadelphia, Penn.-based The Hackett Group. "The question is whether they can identify issues, and deal with them in time, in a way that goes beyond one time fixes that have to be repeated. They need a systematic approach."
Introduced in 2002 by the U.S. Securities and Exchange Commission, the Sarbanes-Oxley Act set legislative deadlines calling for most public companies to meet financial reporting and certification mandates for any end of year financial statements filed after June 15, 2004. Foreign and smaller companies have a bit more time to comply, facing mandates for statements filed after April 2005.