Content Management and Compliance

Content Management has become increasingly important and complex in recent years. An effective solution can streamline access, eliminate bottlenecks, optimize security, maintain integrity and minimize overhead.

Financial fraud, data breaches and ever stricter regulations have made effective information governance essential not only for compliance reasons, but also to help protect the organization’s reputation.

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to achieve in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations.

Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls.  This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources. There is no better way to achieve this than by deploying a Content Management system.

Additionally organizations can define their own processes that allow them to function in a uniform way, maintain quality, protect their assets or be more responsive to their customers and employees. A Content Management initiative can further involve controls and audit procedures for internal financial operations, human resource policies, tracking professional requirements such as certifications or visa status, or managing confidentiality requirements such as information related to nondisclosure agreements (NDAs), copyrights, patents or insider information related to trading.

Compliance can be a headache. There is an even increasing number of regulations to be taken care off, not to mention the internal policies, procedures and product/service related documentation.

A Content Management system enables the tracking and managing of documents in order to make compliance to regulations a lot easier. But it is not panacea. There are a lot of issues that need to be addressed, the sooner the better.

When initiating this process, you should not only scope the project and form the team, but also built a case for the expected investment. Even when planning is thorough, quite often we experience user acceptance challenges. Just by implementing and deploying the system is not enough. This new technology available to your organization should be put to best use. It will never be a success if it increases complexity in your organization. Along with your technology partner it is essential that you establish governance policies and best practices, then communicate them to your staff and make the necessary fine-tuning.  These policies need to reflect the processes and workflows of your business. Integrating your processes with the technology is not an easy task, especially for organizations with numerous international divisions, departments and any other kind of structures that spawn multiple processes along the various branches of your business along with multiple influential stakeholders. Therefore it is imperative that your technology partner can understand your business and that you are committed during the planning and implementation of the project.

The biggest danger for a successful implementation of a Content Management project does not derive from the technology, which nowdays is largely commoditized among the various vendors, but rather from the users. Based upon our experience, the introduction of a new Content Management System in the organization can be very disruptive.

You have to consider that all your other systems like your Data Warehouse, ERP, CRM, financial systems etc. are now considered as indispensable to the way your organization works. Without them you would simply not able to do the work. But by introducing a new Content Management system you are telling your people to change the way they work. They have to learn new processes, documents kept in a certain way, in a certain system, perhaps it is required from them to perform some additional tasks that require more work … and all that when they have alternative ways to operate and do the job with workarounds.

Often IT departments and management invest too much resources examining the technical aspects, comparing features from different vendors while paying little or no attention to their user needs. It always pays to include users in the project from the beginning.  It is often a good idea to examine the organization’s maturity level with the help of your technology partner.  Some organizations are simply not mature enough for a full blown Content Management System implementation. If this is the case, then your technology partner will help you develop a framework and a roadmap as part of your strategy.

Perhaps it is better to implement only few features and basic capabilities, while continuously improving the system with ever increasing sophistication and complexity through time.

The objective is to bring order to chaos. For technologist this is a very challenging task especially when they are not familiar with the processes, information assets and terminology of the business. Developing an effective solution requires bridging the gap and gaining an intimate understanding of the business side of the organization. Individual processes need to be standardized, policies and processes need to be documented, and information assets need to be locatable and searchable. And users accustomed to their own ways of doing things need to be willing to move to a standardized, policy-driven universe. Often the centralization of information upsets some users, it has a Big Brother effect, therefore users should be early on informed about the benefits, about productivity, security and accountability.

The secret of getting the system to work is that IT and your Technology partner shouldn’t be making the rules. Rules have to be driven by the business and derived by the people who get the work done.

Despite the challenges, Content Management is perhaps the most important tool for meeting compliance goals. In order for a business to respond to the challenges associated with those various compliance issues, it needs to develop sound practices and processes to manage information.

Our experience shows that although most organizations have effectively managed structured information such as data that resides in enterprise systems like ERP and CRM systems, they have not mastered unstructured information — such as that found in physical paper documents, images, microfilm and numerous document repositories. Proper management of this unstructured content has a key role to ensuring compliance. In fact modern Content Management systems are designed to ensure this and provide records management capabilities that govern retention and disposition.

Whatever the capabilities of the Content Management System, it should be looked always in contrast to the business as a whole. Since no two businesses are the same, respectively no two Content Management implementations should be the same. From the business side Content Management should take the policies and processes, analyze and mine them in order to provide value, for example by extracting data from  email messages, faxes, contracts and other sources and providing it to transaction processes.

In order to apply a robust governance system, Content Management should incorporate roles, responsibilities, processes and procedures. Thus the integrity and proper use of data is assured and information is accessed, approved and published in a controlled manner. The Content Management system specifies what information certain groups or users are allowed to access and what they can’t.

Content Management creates great opportunities for compliance functions, but it can also comes with great risk if not done right. It is not a miracle software. The complete and total management of all unstructured data can become a reality. But given too many liberty it may actually compromise your core operation. Before anything starts fundamental agreements for what the solution must do, and what you want it to have should be signed. Of course, maintaining at least the current performance levels should be a must. Keep in mind that not everything is as it looks. Marketing material may be misleading. Ask a thorough proof of concept before you get committed and describe with detail your acceptance criteria. If you already have a compliance system running then do not replace it with the new Content Management system unless the later is thoroughly tested and proved to be able to handle demand. We suggest that you run both systems in parallel for a whole year and not just a month. This might be expensive, but it’s even more expensive to undo an inadequate implementation under the realization several months later that it cannot handle the load.

If your current compliance and audit processes are manual, then workflows is the best place to start. Workflows will make your life easier and more effective.

Another place to look is document-centric collaboration. Tools to collaborate on document creation, like policies or audit documents, can greatly increase inclusion and feedback from all the right people. Cross-functional stakeholder concerns around compliance can be addressed in near-real time while legal, process experts, IT and all other compliance support team members can model the compliance architecture properly the first time. This avoids unnecessary delays and rework.

Finally, Web content management can be a great addition to your compliance function. For instance, when building the functional requirements for your Content Management Strategy, build in e-discovery use cases that involve litigation holds. Write into your acceptance tests the ability for the solution to effectively tag a subject area of concern with proper metatags, and prevent the destruction of any Web pages with the identified metatags once a litigation hold is put in place.

These are just some examples of how the newer features of ECM can boost your compliance efficiency and effectiveness. With very little effort and possibly a short brainstorming session with your team and technology partner, you can come up with many more use cases like this  to include in your proof of concept and/or acceptance tests.

Organizations need to look beyond their current practices and adopt a broader framework for managing their information assets — namely, a framework of information management compliance by using a Content Management System. In order to do this with success they need to employ:

  1. Good policies and procedures
  2. Executive-level project responsibility
  3. Proper delegation of program roles and components
  4. Project dissemination, communication, and training
  5. Auditing and monitoring to measure project compliance
  6. Effective and consistent project enforcement
  7. Continuous project improvement:

As a conclusion, the deployment of a Content Management System is the best way to meet your compliance goals. It is not however an easy process and a lot of challenges will need to be addressed. The technology exists as well as a wide vendor variety. But the decisive factor for a successful implementation is not technology but rather people. Management needs to be committed, business looked as a whole, users involved and your technology partner needs to understand the available technology as well as your business.

 

This Blog is created and maintained by Iraklis Mardiris

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s