ComplyOr Else!By Aaron Goldberg | Posted 2004-03-15 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
In application and system design, not enough attention is being paid to supporting critical compliance factors, Aaron C. Goldberg writes.
For the past few years, the big buzz in application and system design has been to "support business processes." Unfortunately, many organizations have a blind spot in a critical area of business processes: compliance. The focus in new application development has often been on workflow, information flow and user interaction. Not enough attention is being paid to supporting critical compliance factors. For example, as I discovered at a recent CIO roundtable in Boston, some new hospital patient record systems still don't have full compliance with HIPAA. And in the financial sector, I found that too many account management systems have no links to provisioning or identity management systems.
The bottom line is that many of the newest applications don't fully support business operations because they cannot meet requirements for compliance, audit and regulation. These applications will create more problems than they solve. The cost of retrofitting compliance is going to be far larger than building it in.
Merely stating that organizations need a compliance infrastructure built into IT systems doesn't create the budget to do it. Despite improving business conditions, budget dollars aren't exactly raining from the sky. Some creative approaches may be needed.
One method of finessing the budget issue is to burden one of the larger new applications with the cost of key compliance infrastructure products that it will eventually need. For example, as an educational institution puts in a student information system, the ID management software and infrastructure is added into the cost of the project. This allows succeeding applications to use the same ID management tools for which one key application has paid.