TRANSCRIPT
Hosted by
Panel Discussion: “Regulatory compliance -- The effect on information management and the storage industry”
Moderator: Peter Gerr, senior research analyst, Enterprise Storage Group
Panelists
Jeffrey Plotkin, Securities Attorney, Former SEC Chief Attorney, New York Broker Division
Steve Fike, Senior Technical Specialist, BJC Health Care
Michael Sullivan, Co-founder, Executive Chairman, Steelpoint Technologies
Peter A. Gerr - Analyst, The Enterprise Storage Group, Inc., http://www.enterprisestoragegroup.com
Regulatory Compliance: The effect on information management and the storage industry
The Compliance landscape is a minefield
Rev. Proc 97-22
SEC 17ad-7
Sarbanes-Oxley
21 CFR Part 11
NARA Part 1234
HIPAA
eSign Act
SEC 17a-4
DoD 5015.2
ISO 15489-1
BSI DISC PD 0008:1999
e-Government Interoperability Framework (eGif)
Data Protection Act of 1998
Freedom of Information Act of 2000
Public Records Office
UK Metadata Framework
DICOM
SEC 17a-3
FERC Part 125
NASD 3010
NASD 3110
> 10,000 regulations in US alone
Scope: Compliance with Federal, State, Local regulations
Depth: Industry-specific, Public corporations
Impact: Cost to comply / remediate, Penalties for non-compliance
EPA
DOT
Key considerations for IT professionals
Information is pervasive
• Compliance is another driving force behind the creation, sharing, and retention of more information
• People, processes and technology need to scale as more records are retained
View compliance as both a business and technology discussion
• Companies must evaluate the cost / benefits of digitizing records and online records management
• Enable business process reengineering and mitigate risks of non-compliance and business disruption
Storage technology plays a central role
• Applications drive the business and create the records that are the focus of compliance
• The challenge and opportunity for vendors is that there are myriad technologies and solutions that satisfy compliance regulations
Recurring themes across verticals / industries
Expanding scope of regulations
• Explosive growth in number of “compliant records”
• Increased complexity for IT / increased cost & risk for the business
Efficiencies managing the “lifecycle” of compliant records
• Stringent & diverse privacy, security, & data protection needs
• Different retention / disposition schedules
Requirements for long-term compliant records storage:
• “Discovery” – Can I retrieve / recover it?
• “Legibility” – Can I read it today and tomorrow?
• “Authenticity” – Can I verify it’s the original?
• “Auditability” – Can I provide for 3rd party review?
Compliance impacts the entire organization
Compliant Records
Business Drivers – CEO / CFO
• How do I extract competitive differentiation from my information while also protecting it?
• How do I reduce my technology operating costs and risk while maintaining compliance?
Technology Drivers – CIO / CTO / IT Manager
• How can I reduce my cost of IT while managing growing complexity and capacity?
• How can I best protect and manage my compliant records along with my non-compliant data?
• How do I accomplish all this while delivering the business resilient and consistent IT QoS?
Market Drivers – LoB Managers
Within the context of regulatory compliance, how do I:
• Leverage technology and information to bring products to market faster and at a lower cost?
• Balance the need to comply and manage records appropriately with my need to share information quickly?
Regulatory Drivers – CRO / CCO / Legal Dept*
• What records must I retain and for how long to maintain compliance?
• How do I reduce my technology operating costs and risk while maintaining compliance?
*CRO = Chief Risk Officer; CCO = Chief Compliance Officer
More Danger Ahead….
If you hear the “click”, it’s too late…
React Plan
Thank you!