Taking on Corporate Compliance

HP has published a good white paper aimed at IT and corporate best practices around eDiscovery and compliance. It's basic knowledge but that's good when it comes to this particular business need. IT (the profession where I got my start) is made up of a lot of very smart people who are not always conversant with eDiscovery and its implications for compliance.

Let me restate and expand on one section that is near and dear to my heart: managing data for compliance and governance. HP makes the point that you really do need an enterprise technology for managing at this level. Granted they're trying to sell you their own package, but they're absolutely right -- IT really does need technologies that can manage data with hooks into compliance and governance policies, and that can do it across storage infrastructures. The technology alone won't do the trick; you also need to allow for services and business policies around governance. But the technology platform you choose will be crucial in getting the job done.

Interdisciplinary teams of IT and Compliance/Legal builds organizational standards for records management and electronic document handling. The teams put policies and procedures in place to support the standards. For example, IT works with Compliance to determine retention periods for data types according to regulatory and/or internal governance standards. It is then IT's responsibility to observe retention periods, using the eDiscovery/Compliance platform technology to automate migration and deletion schedules.

The technology platform should be able to:

-- Hook into regulatory policies. Common regulatory policies should come straight out of the box with the ability to add and customize at will. This allows companies to use pre-existing regulatory and industry compliance hooks and to add custom governance policies.