TrendWatch Blog
Compliance is a dirty word
15-Apr-2008If there is one word I hate to hear used in this industry it's the word compliance.
To me it's like fingernails down a blackboard, and frankly if I never hear it used again then I would be a happy man. Of course I have to endure the word in virtually every article and vendor press release I read. I don't like the word because it is a blanket term that used without context is totally meaningless, yet it's a word (much like governance) that sounds impressive and few people in the room will admit that they don't really understand it. Well let me be among the first to point out the the Compliance Emperor often has no clothes.
The first question we should ask when the C word is used is: with what exactly is do you expect to comply? It could be one of three things:
Policy Compliance - to meet the needs of internal procedures and policies
Regulatory Compliance - to meet the needs of a specific regulation such as the Federal Rules of Civil Procedure
Legal Compliance - readiness to meet any particular legal challenge that may impact your enterprise
These are three increasingly stringent compliance types - all quite different, and all typically requiring different strategies, technologies, and skill sets to support.
When vendors blithely talk about compliance, it's incumbent on you to ask specifically what compliance needs they are referencing. And also for you to consider if you have the patience and resources to manage such potentially granular compliance needs. It all looks so easy on a PPT presentation, but can rapidly become near impossible to manage in reality. Many of the people I have been talking to over the past few months are in the very most regulated industries, and virtually all of them told me that despite investing in very expensive compliance software, they have reverted to the most basic policies possible for retention and disposition. Pretty much what they had and were doing prior to buying yet more fancy technology.
Think about it. If you are trying to justify the purchase of archiving or content management technology using compliance as the driver you are very likely to fail. Sure if you are broker on Wall Street then theoretically at least you have to be compliant with certain regulations (such as SEC 17A) or you cannot trade. But outside of such places, most people wing it - be it in Pharmaceuticals, Energy, Aerospace or any other highly regulated sector you care to think of. In fact, most enterprises have at best a cavalier attitude towards compliance. For they know there are very few inspectors (internal or external) around, they know they basically have to do something spectacularly criminal or stupid to be audited, and they figure that ultimately it's just not that big an issue. Frightening, and maybe hard to swallow, but true.
My point -- if I have one beyond the need to rant -- is that simple retention and disposition makes a whole lot of sense. It may only meet the minimal needs of compliance requirements, but in most cases it's enough. Mix this with the added benefits of promptly destroying content that you have no need to keep, and you can gain quick server and storage optimization advantages, over and above the increased ability to actually find stuff. Getting bedazzled by a technology pitch usually leads to a dead-end. You buy the tool, then you see the enormity of the task ahead, then you walk away. While anathema to many, simply doing something is nearly always better than doing nothing, but doing nothing and wasting a lot of money in the process really stinks.
- Submitted by: Alan Pelz-Sharpe, Analyst
Join the conversation
Get a Free Sample
Wondering about CMS Watch research? Sign up to receive free samples of any of our products.