The Sarbanes-Oxley Act is getting quite a bit of press these days. White papers from information technology (IT) vendors argue that document management, portals and even extract, transform and load (ETL) tools are integral parts of complying with the financial disclosure act. Certainly these and other applications can help with compliance, but they are not enough. Meeting regulations of Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), FDA regulation 21 CFR Part II, Gramm-Leach-Bliley or other regulations that dictate controls on enterprise information requires comprehensive processes for tracking and managing change.

Getting a handle on compliance is an enterprise-scale challenge. Regulations can describe a logical object such as "protected health information" that spans multiple data sources and is subject to a range of processes. How can you manage such amorphous entities? The first step is to understand the problem from an organizational perspective.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access