Cross Industry Governance and Compliance
The regulatory burden on businesses grows more onerous every day: Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI/DSS), Statement on Auditing Standard – Service Organizations (SAS-70), California Security Breach Information Act (SB 1386). And this burden is not lessening; rather it is growing more complex and more expensive.
Companies have responded by allocating headcount and money to the problem and by quickly creating a host of distinct "point solutions" to meet compliance challenges. These solutions are proliferating throughout the organization – they can be found in the audit committee, finance, HR, sales, procurement, and IT. Entire compliance departments are even being organized around specific regulatory bodies, such as the SEC for Sarbanes-Oxley, or the FDA in response to the Health Insurance Portability and Accountability Act or the Gramm-Leach-Bliley Act.
It is extremely inefficient and costly to approach governance in this manner. There are duplicate investments in staffing, technology, and training. Requirements are poorly defined, redundant, and overlapping. Each "silo" approaches compliance in its own particular way and is not designed to talk to other point solutions. Information is not shared; there are multiple versions of the truth. And most importantly, there are compliance situations and exposures falling inadvertently between silos.
Governance imposes a major burden on core business functions as these functions attempt to satisfy all the compliance requests, coming from all the different point solutions, while trying to conduct daily business. And the demands and requests are growing.
Polivec's EGS works to solve these problems by integrating and controlling all aspects of policy management across multiple regulations and departments. EGS allows administrators to create and store policies that fulfill regulations; track required procedures and tasks needed to fulfill those policies; determine who has access to the information; and show who has reviewed and accepted the policies. It provides a simple repository that allows users to easily distribute policies across the organization and track that they were read and understood.
