The Solutions for Compliance report, published last week, warned users that they would require multiple technologies and approaches to support compliance. "You need systems to support compliance," said Mike Davis, principal analyst at Butler and one of the report's authors.
The report said, "The effective use of IT solutions provides the means to have a better understanding of how the business operates through documentation of, and adhering to, effective processes."
Butler categorised compliance products into three overlapping categories: information management tools, analysis and security.
Technologies that support compliance, according to the report are: business process management, discovery, disaster recovery, network security, policy management, and retrieval and search technologies. "Compliance is about retaining information," Davis said.
The report urged IT directors to address information management both for structured data, such as with ERP and CRM systems, and unstructured data, such as e-mail and instant messenging services. Butler said e-mail management systems could be used to consolidate mail from existing servers, and enterprise content management could gather data from multiple repositories.
In terms of the information analysis aspect of regulatory compliance, business intelligence tools can be deployed along with performance management software and balanced scorecards.
For information security, Butler advised users to take a multi-layered, policy-driven approach using an LDap- (Lightweight Directory Access Protocol) compliant directory to manage access to information based on the roles and job functions of end-users.
The report warned users to be wary of suppliers cashing-in on the drive towards compliance. In particular it claimed storage suppliers were "using the heightened awareness and demand for a quick fix as a new way of pushing their current products".
However, no single product or supplier has all the answers. The Butler report said, "There are multiple solutions required for compliance."
Much of the compliance legislation and regulation forces organisations to regularly review and potentially revise operational processes, with an emphasis on automation to reduce risk.
The report's authors pointed out that the technology driving compliance could be used by IT directors to demonstrate the value of IT to the business.
For instance, after Luton Borough Council installed an e-mail management system to deal with "subject access requests" under the Data Protection Act, it was able to handle administration previously carried out by two full-time staff with just "one-tenth of a person".
The ability to retrieve information rapidly is fundamental not only to the US Sarbanes-Oxley Act but also the UK Data Protection Act. This means users can develop a common technology framework to support both pieces of legislation, the report said.
IT for compliance
Business process management
Source: Butler Group