Scanning as a Compliance Driver
In an unpublished InfoTrends’ research project conducted slightly more than one year ago, we surveyed the US financial services industry to learn about the adoption rates and technology usage behaviors of office/workgroup document solutions. Compliance matters loomed large in this study.
We surveyed more than 350 businesses in the segments of: banking, insurance, investment, and credit and lending. Approximately 50% of the respondents came from large businesses with 1,000 employees, followed by an even split between medium (100-999) and small (1-99) at 25% each.
We asked many questions about technology and compliance. One question in particular caught my attention and was able to summon up the slide from my archives. The question posed had 344 respondents and it was phrased this way, “please identify whether you believe the following technologies would help with the following compliance regulations. Please check all that apply.” (refer to graph immediately below)
Scanning hardcopy documents as an action to help organizations meet the requirements of compliance ranked highest in value across all ten compliance measures tested, whereas, scanning hardcopy documents directly to a central repository scored second highest in value against these same measures.
It became clear to us that scanning as a baseline business activity is highly valued by the respondents of our survey as playing a critically important function in helping their organization to satisfy a plethora of compliance regulations. Capturing paper-based documents digitally via scan followed by indexing, routing, storing and securing same is vital to an organization’s ability to be compliant, regardless of the regulation in play.
So is scanning a compliance driver? From our perspective, yes indeed.
For more information, I would focus on the following regulations/standards, which hit all of the major elements of compliance and are the most far-reaching and well-known:
Amended FRCP (Federal Rules of Civil Procedure)
Records management, archiving, and discovery perspective
- http://en.wikipedia.org/wiki/Federal_Rules_of_Civil_Procedure <-- high-level overview
- www.uscourts.gov/rules/EDiscovery_w_Notes.pdf <-- the amendments with notes
- https://extranet1.klgates.com/ediscovery/ ß a searchable database of e-discovery cases… good stuff
HIPAA (Health Insurance Portability & Assurance Act)
Security and privacy
- http://en.wikipedia.org/wiki/HIPAA
- http://www.hhs.gov/ocr/hipaa/ - Health & human Services Web site for HIPAA information
- http://www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm - HIPAA Privacy Rule and Public Health Guidance from CDC and the U.S. Department of Health and Human Services*
SOX (Sarbanes Oxley)
Internal controls
- http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act
- http://en.wikipedia.org/wiki/SOX_404_top-down_risk_assessment <-- section 404 of SOX is the infamous “internal controls” part… this risk assessment is a key aspect of compliance
This is also interesting -- http://www.whitehouse.gov/omb/memoranda/fy2008/m08-15.pdf
A white house memo saying that “When planning for and acquiring information systems and services, agencies must incorporate records management and archival functions, including the cost of implementing and maintaining those functions, into the design, development, and implementation of information systems.”
This blog is great and has provided interesting and useful information. Thanks and I hope to see such information in the future as well.
Posted by: pensioen verzekering | March 20, 2009 at 01:27 AM