A coalition of eight tech companies has formed the Compliance and Management
Electronic Information (CMEI) working group in a bid to give companies a hand in formulating a comprehensive compliance framework for their business.
The group, made up of Oracle
, Veritas, Sun Microsystems
, Open Text
, Hitachi Data Systems, Network Appliance
and Plasmon, expects to have resources available on the Internet Law &
Policy Forum (ILPF) Web site in the next six months.
The ILPF is a non-profit organization that provides a neutral forum for
challenges posed by the Internet on law, policy, technology and businesses
worldwide. Outside the CMEI, the organization hosts working groups focused
on spam, self-regulation, security and policy, content liability, electronic
authentication and jurisdiction.
The CMEI site will host documentation on best practices for information
retention and maintenance regulations, provide counsel and exchange
information with various businesses, legislative bodies and regulatory
agencies in various workshops, and publish checklists and summaries of legal
and regulatory requirements for interested companies.
Officials say the many information compliance regulations worldwide cause
undo headaches for companies trying to abide by them, both in money and time
spent adhering to conflicting regulations. As an example they point to a
company, based in the United States with offices in the United Kingdom, that
severs its ties with a customer. Under U.S. law, companies must retain
records for seven years, but in the U.K. they must immediately destroy all
Those sorts of conflicting policy goals, as well as some of the weak
language found in ambiguous regulations was the main reason for the
formation of the working group, according to Harald Collet, CMEI chairman
and Oracle records management and compliance support product manager. With
businesses focused on complying with the deadlines of specific regulations,
he said, such as Sarbanes Oxley, they now have to work on building a
framework that is more all-encompassing.
In order to meet the deadlines, companies have invested in specialized compliance solutions that address one component of the
compliance puzzle for the challenge of having a transparent organization,
he said. “But what we’re seeing also is that companies are looking at those investments and saying, ‘this is not a great way to be spending half of my
IT budget trying to meet these one-off requirements, we need to put a
long-term compliance architecture in place.’ ”
Collet points to research conducted recently by AMR Research, which said companies would spend $6.1 billion in 2005 just to gain compliance with the regulations contained in the Sarbanes-Oxley Act; of that $6.1 billion, $1.7 billion will go toward the technology that helps companies meet compliance standards.
But while companies within the working group would stand to gain from
selling their products directly to customers — Oracle sells software like its E-Business Suite 11i.9 to help get companies in line with regulations like Sarbanes Oxley and HIPAA — Collet said the goal of the working group is to help customers by finding the best answers for them.
“The vendors that are involved in this all go into it with a spirit of trying to address the technology issues around this,” he said, “and I think that everyone who is involved in trying to solve this issue on the vendor side, they have an interest in clarifying the obligations and issues and pointing the way towards technology solutions that can help with this; it’s a win-win for everyone.
“If you look at the vendors, I think that you’ll see that they’re all
product-focused companies that primarily look at solving technology issues for customers with the spirit of helping customers, not just driving revenue or pitching a product,” he added.
Collect said membership is open for any vendor looking to join the CMEI
working group, after paying the admission price of $10,000. He also said
it’s the working group’s intention right now to offer its downloadable items
from its Web site for free.