Compliance Questions to Ask and Answer
- Do you know what will happen to your business operations if parts of your networks or systems fail?
- Are your systems and networks protected against viruses and other malware?
- Do you have ways to authenticate everyone who accesses your information systems and data?
- Can you monitor how your IT network is used and by whom?
- Do you have the means to track security incidents?
- Is your data tamper-proof?
- Is your key data backed up off-site?
- Have you protected "unstructured" data -- that is, the emails, spreadsheets, and other documents on your employees' desktop systems?
- Do you have company-wide email archiving capability?
- How long does your data need to be archived and how quickly must you be able to retrieve it?
- Can you show/prove that you are in compliance?
Anticipating the Future: Why Archiving Email Is Worth It
Many new regulations now require that organizations do one or more of the following:
- Keep copies of all emails, including all email transactions with third parties
- Archive email messages in a way that ensures the emails are authentic -- typically in an indexed format that is secure and that enables on-demand retrieval, viewing, reproduction, and manipulation in the same manner as the original
- Be able to retrieve selected email messages quickly -- sometimes in as little as 48 hours
- Preserve copies of electronic calendars of key employees
Consider this large-company anecdote, possibly applicable to smaller firms, too: in a 2003 sex discrimination/retaliation suit brought against UBS Warburg, the plaintiff sought emails in discovery. The archived emails cost $175,000 to restore and produce, an expense borne solely by the defendant.
The Virtues of Voluntary Compliance
Following basic corporate governance best practices -- even when you're not required to -- can pay off in a number of ways:
- The information on which your business depends will be more accurate and more timely, since you'll be working with just one version of company financial and operational data -- which will be available in real time to you, other decision-makers, and your auditors.
- Financial processes will be streamlined and your company's financial information will be more reliable, making your business more attractive to potential customers and partners.
- You'll create a better audit trail and will reduce auditing costs because data can be more easily tracked.
- Your company will enjoy lower fraud risks because unauthorized data access has been made more difficult.
- Your business processes will become more efficient and your controls will work better as you standardize reports, automate manual activities, and consolidate or eliminate redundant workflows.
- Your business will be able to respond more quickly to opportunities and challenges, thanks to more accurate information being made available to the right people at the right time.
Similarly, embracing the practices and technologies supporting data privacy and protection standards will help your company avoid the legal and competitive liabilities of violating (intentionally or not) the rights of customers and employees.
Thus for all the hassle of regulatory and standards compliance, there is a silver lining: you'll have much better tools with which to manage and protect your resources, monitor your business, and control employee actions. Combined, that all adds up to a competitive edge.
For more information on CA's small and medium business solutions, please visit ca.com/smb.
Copyright 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document "AS IS" without warranty of any kind, including, without limitation, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages. Inc. and Inc. 500 are registered trademarks owned by Gruner + Jahr Printing & Publishing Co.

This story was editorially selected as relevant and is used with permission from CA. PC World received no compensation for posting this article.


