The Datamax Thinking Blog

Educating, collaborating, and sparking ideas for maximizing the technology that matters.


Scanning as a Compliance Driver

by Jon Reardon

In an unpublished InfoTrends research project conducted slightly more than one year ago, we surveyed the US financial services industry to learn about the adoption rates and technology usage behaviors of office/workgroup document solutions. Compliance matters loomed large in this study.

We surveyed more than 350 businesses in the banking, insurance, investment, and credit and lending segments. Approximately 50% of the respondents came from large businesses with 1,000 employees, followed by an even split between medium (100-999) and small (1-99) at 25% each.

We asked many questions about technology and compliance. One question in particular caught my attention, and I was able to summon up the slide from my archives. The question had 344 respondents and was phrased this way: “Please identify whether you believe the following technologies would help with the following compliance regulations. Please check all that apply.”

Scanning hardcopy documents as an action to help organizations meet the requirements of compliance ranked highest in value across all ten compliance measures tested, whereas scanning hardcopy documents directly to a central repository scored second highest in value against these same measures.

It became clear to us that the respondents of our survey highly value scanning as a baseline business activity that plays a critically important function in helping their organizations satisfy a plethora of compliance regulations. Capturing paper-based documents digitally via scan, followed by indexing, routing, storing and securing them, is vital to an organization’s ability to be compliant, regardless of the regulation in play.

So is scanning a compliance driver? From our perspective, yes indeed.

For more information, I would focus on the following regulations/standards, which hit all of the major elements of compliance and are the most far-reaching and well-known:

Amended FRCP (Federal Rules of Civil Procedure)

Records management, archiving, and discovery perspective

http://en.wikipedia.org/wiki/Federal_Rules_of_Civil_Procedure <-- high-level overview

www.uscourts.gov/rules/EDiscovery_w_Notes.pdf <-- the amendments with notes

HIPAA (Health Insurance Portability & Accountability Act)

Security and privacy

http://en.wikipedia.org/wiki/HIPAA

http://www.hhs.gov/ocr/hipaa/ - Health & Human Services Web site for HIPAA information

http://www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm - HIPAA Privacy Rule and Public Health Guidance from CDC and the U.S. Department of Health and Human Services

SOX (Sarbanes-Oxley)

Internal controls

http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act

http://en.wikipedia.org/wiki/SOX_404_top-down_risk_assessment <-- section 404 of SOX is the infamous “internal controls” part… this risk assessment is a key aspect of compliance

This is also interesting -- http://www.whitehouse.gov/omb/memoranda/fy2008/m08-15.pdf

A White House memo saying that “When planning for and acquiring information systems and services, agencies must incorporate records management and archival functions, including the cost of implementing and maintaining those functions, into the design, development, and implementation of information systems.”

This article originally appeared at the Document Imaging Blog. They retain all copyrights.