As Published In May 2004

Getting Compliant with Oracle Collaboration Suite
By Caroline Kvitka

Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), Securities and Exchange Commission (SEC) regulations, and state and local breach and disclosure laws—these are just some of the regulatory requirements that are overwhelming companies today. More than ever, companies need internal controls that give them a complete, real-time view of their business operations so they can comply with these demanding fiscal reporting regulations. Getting control of unstructured content, which can represent as much as 80 percent of all business information, is a daunting task for almost any company. Structured content, such as data generated by transactional applications, is typically managed in an enterprise database. Unstructured content—e-mail, electronic documents, instant messages, voice mail, faxes, and Web conferences—is typically poorly organized, hard to find, and controlled under ad hoc security. The problem is, corporate compliance requires managing both.

"It's important for a company to have everything under control, and unstructured data is the hardest single piece to organize," says Simon Lorne, former managing director at Salomon Smith Barney and General Counsel of the SEC and now codirector of Stanford University Law School's Director's College, a program that examines the role of the director in the modern corporation. "In terms of an ongoing internal control environment, there will be information out there that simply won't show up anywhere else, and in a crisis, it will be discovered."

By managing both unstructured and structured content, organizations can be prepared for crises. "We've seen situations where companies are suddenly under attack, and they don't know what information they have, so it takes days, weeks, even months to respond," says Lorne. "Most of the time, a company in a crisis can recover if it has the right information. The more time that goes by, the more the chance of recovery lessens."

Although there's no magic compliance bullet, long-term solutions must create a comprehensive risk-management infrastructure that supports transparent solutions that don't disrupt users. A critical requirement for any successful compliance solution is that it become an integral part of a user's workday. A comprehensive solution should combine corporate policy, employee education, and technology.

Centralized Data Is Key

Organizations can take the first step to controlling their content by establishing a centralized repository to cost-effectively audit, archive, and manage content for compliance. The Oracle Files component of Oracle Collaboration Suite provides an adaptable platform to mitigate risk and strengthen corporate compliance by managing unstructured content in an Oracle database, just like structured content. Another benefit of this vital first step toward compliance is that it provides all the security, scalability, and reliability associated with Oracle Database. In addition to supporting compliance with regulatory requirements, a good internal controls structure can actually help a company create strategic advantage by providing insight into the company. "Good internal controls are like a satellite navigation system in your car," says Lorne. "They monitor where you are and where you're going—and tell you when you miss a turn."