Taking control

The impact of regulatory change on businesses the world over is a hot topic of discussion. The likes of the Financial Intelligence Centre Act and the Financial Advisory and Intermediary Services Act have impacted each of us personally at some point.

Sarbanes-Oxley has challenging reporting requirements, particularly for local companies required to conform to US head office policies and procedures.

One issue arising from this discussion is the resultant need for information storage, particularly digital and digitised data. On the surface this may not be perceived as a problem, as current document management technologies enable users to store documents and records with some ease.

In reality, however, the problem with storing digital information for regulatory purposes lies exactly in this uncontrolled and unmanaged user involvement and empowerment. It is concerning that users can simply store documents where and how they deem appropriate, in any manner they consider necessary.

In every organisation, the physical archiving of documents is carefully controlled and catalogued. Why then should the storing of digital documentation be any different? Unfortunately some people have been caught up in the latest technology enabling easy and quick storage. The result is that they neglect the underlying business requirements - a crucial error.

Organisations store information to record that an event happened in a specific manner; that users took specific actions in accordance with a business process. Often, what needs to be recorded is not just the resultant document or contract, but which users were involved in the creation of the information, how long it took to ultimately publish the data and what changes were made along the way, and by whom.

In the context of a process being executed, all user interactions must be carefully tracked and logged.

By recording these actions systematically and properly, organisations can then be assured of the level of transparency that is required by many governance-related regulations today.

The primary reason compliance data is stored is to provide proof that an event took place at a given point in time. Therefore, when called upon to do so, a company must be able to provide all the documentation and steps that led up to the creation of that information. There must be no digital paw prints that could potentially damage the integrity of that data.

The quick retrieval of information is as important as its being securely and reliably stored. Nothing justifies requiring months to search for information. It needs to be ready and available, immediately.

In a digital world, anarchy spreads imperceptibly and immediately, like a plague.

Grant Hodgkinson, sales and marketing director, Mint Net

Since organisations need to have this information stored for retrieval at any time, it is critical that all data inserted into the repository is properly catalogued and referenced. By allowing users to simply store a copy of a user's identity document in some arbitrary location on a document storage system, you frustrate the ability to retrieve this information when necessary.

Rather, when you need to store the image of an identity document, the right data must be associated with it and everything must be stored in the correct area, for search and retrieval purposes.

Often, storing data in compliance with regulations is best achieved through a suitable workflow or process automation system.

By enforcing rules of storage and data capture in a consistent manner, you can be assured of finding that information again when called to do so. More than that, the information you search for will be reliable, transparent and a single version of the truth.

Most vendors in the area of information management and storage have positioned some type of process automation technology alongside their storage offering. However, many of them are not positioning the need for this technology from a regulatory perspective.

Simply getting your user to declare a record, or publish a finalised document, without due process, is bad form. It might look and sound impressive from a technology perspective, but the corporate implications are substantial and negative.

Imagine if every single person in your organisation had authority to store and retrieve physical documents in a manual archive. Chaos would rule and in a digital world, anarchy spreads imperceptibly and immediately, like a plague. By the time you realise you are sick, it is too late.