Some of my old FileNet friends reading this article will smile… I realised today to my surprise, that it’s over 11 years ago that this simple concept was first articulated, and went on to form the basis of our compliance messaging, transitioned into IBM after the acquisition, and was presented in many conferences and briefings. The result of a quick brainstorm before a breakfast briefing for Bearingpoint, at an off-site annual kick-off session, the picture on the left is a scan from my original notebook where it first appeared, in January 2004. I have evidence of this still being included in presentations as late as 2011. In the world of PowerPoint slides, does that make it a classic?
Now, it may be an old message, but it is as valid today as it ever was. And since I’ve never written about it in this blog I thought it was worth re-introducing it to a whole new audience.
What does a company need to do, to be compliant?
There are three very fundamental and very explicit stages for an organisation to achieve a “compliant” status. These apply equally to every vertical industry, be it Banking, Insurance, Telco, Retail, Pharmaceutical, etc. And they also apply equally, if “compliance” refers to regulatory compliance in a Nuclear plant, financial compliance, or Health & Safety at a local school.
Step 1 – The Present: Become compliant
What do you need to do today, to comply with the rules and meet the regulations? What changes in procedure, what risk controls, what equipment checks, what training? This stage includes designing and implementing everything that a company needs to put in place, to be able to certify that today, it is compliant with each regulation the law currently subjects it to. Implementing this stage requires the company to (a) identify and understand which regulations are relevant and what they are expecting, (b) identify possible areas and processes where the company is at risk of not being compliant with the regulations, and (c) implement any changes necessary to remove those compliance risks.
Step 2 – The Future: Remain compliant
This is the part that is often forgotten, and ends up costing organisations millions in fines: Looking at the future. Becoming compliant is not enough; it’s just the first step. As an organisation, you need to ensure that compliance is sustained consistently in the future: that every system, every procedure and every employee remains within the controls and guidelines specified by the legal regulations or the company policies. At a manual level, this involves regular training for employees and regular testing of all the various controls and devices implemented in Step 2. The best way to implement Step 2, however, is automation: putting in place systems and processes that not only monitor the company’s compliance, but that enforce it. The less a company relies on individual employees to maintain compliance, the less likely it is to fall foul of compliance breaches through human error. Automation reduces training requirements, reduces management overheads, and reduces the operational cycles wasted on testing and reporting.
Step 3 – The Past: Demonstrate compliance
The final part of the process is looking at compliance retrospectively: Are you able to go back to a specific point in time, and demonstrate to a regulator, an auditor, or even a customer, that you operated compliantly? Are you able to show what decisions were made, what policies were in force, who made the decisions and what information they had available to them to support that decision? This is all about Records Management and audit trails. It’s about maintaining evidence of your compliance that is complete, accurate and irrefutable. Preparing for that retrospective compliance review in the future should be a core part of the design of any compliance system implemented today.
So the meme Become – Remain – Demonstrate (or even “Achieve – Sustain – Prove”, as the alternative version that our U.S. marketing folk seemed to favour) summarises the three key steps that you need to remember about structuring a compliance programme. If you are faced with a new regulation, new management, or even a new mandate to create or replace IT systems for compliance, use these three steps to validate if your compliance strategy is complete or not.
Unless you live in a cave, you will not have failed to notice that mobility has taken over our lives. As I write this, I’m sitting in a train full of commuters who, almost to a man, are holding a smart phone, a tablet or a laptop. The odd ones out are reading a book… on a Kindle.
There is no denying that mobility is an established phenomenon and it’s here to stay. The IT industry is actively embracing it as the new Amalthean horn (alongside that other nebulous revolution – The Cloud). With Mobile First (IBM), The Mobile Imperative (Gartner), Enterprise Mobility (Accenture), 3rd Platform (IDC), etc., one by one every major vendor and analyst is releasing their “mobile” strategy that will drive growth in the next 3, 5 or 10 years. And undoubtedly, it will.
But is our current obsession with mobility, really that revolutionary? Is the change in our culture and behaviour really so sudden and dramatic? Prompted by a very stimulating conversation at AIIM’s Executive Leadership Council (see the recent paper: The Mobile Reality), I decided to look at the historical milestones of computer mobility. Its heritage, if you like. The picture it paints is very interesting.
Let’s look at the impact of mobility on a decade by decade basis.
The starting point. Computer access was restricted to a single physical location, determined by the location of the computer machines themselves. Access was granted to a few selected, highly trained computer boffins, who were responsible for allocating the computing resource on a time-share basis, and delivering the results to the outside world. There is zero mobility involved at this stage.
The 70’s introduced the first layer of mobility to the organisation, and it had a transformational impact. “Dumb” terminals, could be distributed across the organisation, connected with RS-232 serial connections. Mobility was location-based, since connectivity was hard-wired and employees would have to physically go to wherever the terminal was, in order to access it. Systems became multi-user giving selected, trained, specialist users simultaneous access to computing power on-demand. Suddenly, computing power and business applications were no longer constrained by the physical location of the computer, but were distributed to core departments across the organisation.
The ‘80s saw the introduction of PCs. A hub-and-spoke revolution, where autonomous business machines could execute tasks locally, wherever they were located, and could communicate transparently with each other and with centralised servers. More “intelligent” connectivity through network cables introduced the client-server and email era. Mobility moved outside the constraints of the physical building. With the advent of “a PC on every desk”, users could work anywhere within the organisation and could communicate with each other, from building to building, and from town to town. Or copy their work on a floppy-disk and continue their work on their PC at home.
In the 90’s mobility went through another revolutionary phase. PCs gave way to laptops, work could be taken anywhere, and modems allowed dial-up connectivity back to the office. Location, for users that had been issued with a company laptop and modem access, was no longer constrained to the confines of the organisation. They could easily work connected from home, or from a customer site anywhere in the world. Mobile phones became a corporate tool, eventually obliterating phonecards and phoneboxes, and wireless handsets brought telephone mobility within the home. All that mobility created its own cultural revolution, bringing faster on-site customer support, home-working and flexible hours. At the same time, the internet and world-wide-web broke out of the military and academic domains, and the first commercial internet applications started appearing.
With the millennium Y2K scare out of the way, mobility re-invented itself again. Website access and intranets, meant that every employee could access the corporate environment regardless of the physical machine they were using: A corporate notebook, home PC, Internet café, or hotel lobby, would be equally useful for checking emails, writing the odd MS-Office document, or finishing the latest marketing presentation. Virtually every employee had remote access to the organisation, and was actively encouraged to use it to reduce travelling and office-space. Internet commerce became universally accepted transforming the retail market. Computer form factor started reducing, with lighter notebooks and PDAs with styluses, touch screens and hand-writing recognition (remember Palm and Psion?), became the first truly portable devices. Mobile phones penetrated the personal consumer market, while Email and text messaging (SMS) started replacing phone calls, as the preferred mediums for short conversations. ADSL networks brought affordable broadband connectivity to the home, and the first 3G networks and devices allowed internet connection “on the go”.
Which brings us to today: Enter the iPhone and iPad generation, where the preferred device factor is smaller (smartphones), more portable (tablets, phablets) and more universal (Smart TVs, Wifi Cameras, etc). Mobile connectivity became a bit more reliable and a bit faster, using faster 3G and 4G networks on the street. WiFi Fibre optic broadband at home, in fast-food restaurants and at coffee chains, brought faster downloads and HD streaming. Consumers are moving to apps as the preferred interface (rather than websites) and internet access has become accessible to everyone and the preferred customer interaction medium for many businesses. The delineation between personal computing and work computing has more or less disappeared, and the internet (as well as the office) can be accessed almost anywhere and by everyone. SMS text messaging is still prevalent (but virtually instant and virtually free) but asynchronous email communications declined in favour of synchronous Social Network access, Instant messaging (Skype, Twitter, FB Messaging, WhatsApp) or video chats (Skype, Lync, FaceTime, Hangouts).
But we’re not quite there yet! The much heralded “ubiquitous” access to information, or “24×7” connectivity, is still a myth for a lot of us: While I constantly have to worry if my phone should connect via 3G or WiFi (a cost-driven and availability decision), while I can have internet access on a transatlantic flight, but not in a commuter train, while my broadband signal at home drops the line every 20 minutes because it’s too far away from the telephone exchange, while my WiFi router signal at one end of the house does not reach the dining room at the opposite end, and while I need a 3G signal booster at home (in a 450,000 people town) because none of the mobile networks around me have strong enough signal, mobile connectivity is not “ubiquitous”, it’s laboured.
Having lived and worked through 30 years of mobility transformation, I would argue that today’s “mobile revolution” is more evolutionary than revolutionary. What we are experiencing today is just another step in the right direction. Mobility will continue to have a transformational effect on businesses, consumers and popular culture, just as computer terminals transformed the typical desktop environment in the ‘70s and ‘80s, and as modems enabled home-working and flexible hours in the 90’s and 00’s. I expect that in the next 5 years we will see true “permanently on” connectivity and even more internet enabled devices communicating with each other. I also expect that businesses will become a lot more clever and creative with leveraging mobility.
Nevertheless, I don’t expect a mobile revolution.