The present invention relates in general to the field of computers and similar technologies, and in particular to software utilized in this field. Still more particularly, it relates to compliance with policy initiatives.
Today's organizations face a myriad of regulatory and legislative mandates that require continuous oversight and ongoing management. Two of the better known of these mandates are the Sarbanes-Oxley Act, enacted to fight corporate fraud, and the Health Insurance Portability and Accountability Act (HIPAA), enacted to improve the privacy and security of patients' medical information. Others include the Patriot Act to counter a broad range of terrorist threats, Basel II to establish standards for measuring the adequacy of a bank's capital, and SEC Rule 17a-4 for the secure electronic storage of securities trading records. Increasingly, these and other applicable laws, rules and regulations have a direct impact on the policies that govern the operation of an organization and the behavior of its executives and employees.
The responsibility for complying with these laws and regulations generally resides in different functional silos within the organization, which can include risk management, finance, information technology (IT), legal, operations, sales, and human resources. While executive management is generally held accountable for ensuring that each party in their organization is aware of, and meets, their respective compliance responsibilities, gaining visibility across multiple compliance activities can be difficult. In addition, external regulations may contradict each other and/or conflict with internal policies and guidelines, causing confusion and operational inefficiencies. As a result, it is becoming common for regulatory compliance to be formalized as a functional area in its own right, responsible for coordinating the fragmented compliance activities of other groups while centralizing compliance oversight within the organization.
However, providing the means to effectively enforce policies and controls, whether external, internal, or both, can be challenging. Past approaches have addressed different aspects of the issue, including the implementation of rules-based and automated systems. But these systems are typically constrained within the functional silos of an organization. In view of the foregoing, there is a need for providing relevant guidance comprising applicable elements of one or more external or internal policies, regardless of their original intent or the location of their control sources within an organization, to facilitate policy compliance.