In a recently penned column on the Digital Landfill blog run by AIIM president John Mancini, guest columnist Daniel Chalef made a point about ECM and regulatory compliance. Actually, he made eight points.
Among the points made, Chalef said that understanding which regulations apply to an individual business is one of the biggest challenges. In fact, some companies may fall under more than one regulatory body or rule, such as a hospital that is publicly held. In this case it would be held to standards set forth under Sarbanes-Oxley and HIPPA – or a combination of a myriad of other regulations. But it is vital that whatever business a company is in, it makes sure to learn and adhere to regulations or face legal and financial risks.
Even in a regulated industry, not every document in the ECM repository is subject to regulation and compliance, said Chalef. It is important to exam documents, and policies to reduce the workload at the beginning of the process, and stick to a retention schedule to save headaches in the long run.
In the end, Chalef said that it is more than the product that makes the company compliant.
"Your ECM software is only one piece of the compliance solution that will also include scrutiny of your business processes, training programs, standard operating procedures, etc.," said Chalef.