Making Compliance Work for You with Application Lifecycle Management
A White Paper by Rocket Software
Version 2.0, Revised March 2012
introduction
In addition to the traditional challenge of remaining competitive, today’s organizations must also contend with growing regulatory requirements just to remain in business. Fortunately, while achieving regulatory compliance is challenging, doing so can offer significant—and unexpected—rewards for the enterprise. Mastering compliance gives companies a springboard to a myriad of process improvements that can directly and positively impact a company’s bottom line.
In this white paper, we examine regulatory compliance requirements, their effects on IT and the business, and how Application Lifecycle Management (ALM) can not only simplify the task, but can also turn those compliance efforts into a powerful business advantage.
what’s all the uproar about compliance?
Companies can be forgiven for believing compliance is a millstone around their necks. From Sarbanes-Oxley (SOX) for publicly traded companies, Basel II in the banking industry, FSA regulations and PCI Compliance in financial services and retail, and 21 CFR Part 11 and HIPAA in pharmaceutical and healthcare, sorting out reporting requirements can be overwhelming and confusing.
To further complicate matters, many organizations are tasked with ensuring their efforts meet not only one, but multiple mandates. For example, a United States-based financial services firm might need to comply with requirements from Gramm-Leach-Bliley (GLBA), Sarbanes-Oxley (SOX), and various U.S. Securities and Exchange Commission (SEC) regulations.
But what is really being asked? Thankfully, the regulatory bodies share many requirements. For example, one overarching recommendation common to all of the mandates is that organizations implement documented and repeatable business processes and that those processes introduce appropriate controls to prevent error or fraud. This holds true for software development for business-critical applications. According to regulations, IT must not only ensure that changes in software development are made in a controlled and auditable fashion, but it must also flag for management any changes that will have a “significant impact” on the business.
To meet this requirement, IT must:
Understand the internal control program and the reporting process;
Identify risks related to IT;
Design and implement controls to mitigate risk and continuously monitor them for effectiveness;
Document and test IT controls; and
Ensure that IT controls are updated as necessary to correspond to changes in financial reporting processes.
to respond quickly to the needs of the business. Consequently, it is recommended that these controls be automated. Automation reduces the time, expense, and disruption of IT audits.
In a nutshell, repeatable and measurable processes—structured, defined, implemented, and enforced—are key to complying effectively and easily with regulatory requirements. Sound, comprehensive records of these corporate controls must be kept so that an external auditor can attest to the effectiveness of the controls. At the same time, these controls should be automated so that IT remains responsive and productive.
enter best practice methodologies
Often, meeting compliance requirements is really just a matter of implementing existing IT best practices. The top best practice frameworks stress automated, structured, repeatable processes within IT—the very thing the regulations demand. Six Sigma, COSO, COBIT, ITIL, and CMMI, to name a few, all strive to make software development and frequent service delivery true business processes that can be tracked, measured, and controlled. In most cases, a single IT control will address compliance requirements for a number of different regulations and standards. Therefore, smart organizations are using regulatory compliance to justify automating inefficient manual processes, a boon for business efficiency and quality. Further, the regulations are giving companies permission to dedicate resources to acquiring the tools and expertise to address compliance and best practices. With increasing demand for innovative software applications, IT is becoming more and more valuable to the business. IT now has a rare opportunity to examine and improve internal processes for the benefit of all. Best practices are giving companies a way to achieve compliance, but even more importantly, the improved processes create a significant competitive advantage for companies wishing to further integrate IT and the business. As a result, best practice methodologies are taking the development world by storm.
application lifecycle management (alm), compliance, and best practices
without creating so much bureaucracy that work comes to a grinding halt? As we’ve seen, both compliance and best practice frameworks stress standardizing and automating comprehensive, internal controls. However, organizations need support as they implement IT governance solutions to turn regulatory compliance into a business advantage. Automated application lifecycle management solutions are often critical to the success of these efforts. As software systems become more complex and interdependent, the need for application lifecycle management (ALM) increases dramatically.
ALM solutions provide support by allowing organizations to capture and implement their business processes within automated systems. They eliminate the need for many complex, time-consuming, and error-prone manual processes. By targeting process maturity in software development, ALM offers companies a way to encapsulate best practices and regulatory compliance within their ALM system. At the same time, ALM empowers IT to realize its full value to the organization by increasing productivity, quality, responsiveness, and the availability of management information. Key aspects of ALM include IT services management, requirements management, project and portfolio management, change and configuration management, and deployment. ALM covers all application development phases, from issue creation, change request, and project initiation through requirements, approvals, development, testing, and deployment.
By delivering process efficiency, automation, and manageability into the IT development environment, ALM enables businesses to control application development, ensure process repeatability, and improve responsiveness to user needs and requests. ALM meets a critical need for improved visibility and traceability and offers teams a way to collaborate across silos and operational areas regardless of geographic location. A strong ALM system should:
Provide a collaborative communication infrastructure that ensures IT services and software initiatives support overall business goals;
Reduce IT development costs by ensuring project teams build the application correctly the first time around;
auditable, repeatable processes;
Enable communication between stakeholders of all changes in projects, and ensure appropriate notification, reviews, and approvals;
Ensure dependable levels of quality and security in support of Service Level Agreements (SLAs);
Provide a secure, visible repository of all application artifacts.
simplifying alm for compliance and best practices
We are highly regarded in the industry for providing process-centric change governance solutions for application lifecycle management to companies that wish to gain control of IT. Our proactive approach to change improves efficiency, quality, and delivery, and increases profits and competitive advantage.
We automate the entire application development lifecycle, reducing the burden of regulatory compliance and the associated administrative cost for IT and the business. Further, Rocket Aldon Application Lifecycle Manager (LM) contributes to improved IT-business integration by making business processes visible, traceable, auditable, and repeatable. Streamlined, managed development processes improve predictability, shorten development cycles, and remove complexity. With our solution, IT services become strategically integrated with business efforts, leading to improved performance by the entire company.
Customers choose us when they want:
Predictable, controlled software development:
To adapt to new technologies:
New and enabling technologies are one driver of ALM adoption. SOA and web services offer the promise of seamless integration and reusability for disparate software parts. Our solution enables components developed for one process to be efficiently identified and reused for another. Users can easily explore the relationships among services through our logical application explorer.
Greater visibility and management of IT business processes, people, and assets:
Our process control and traceability allow enterprises to enjoy a single integrated business perspective. Centralized management and visibility of IT assets, personnel, and projects speed project completion and fulfill compliance requirements. And corporate IT assets are all secured against loss and unauthorized movement. We give businesses a tool with which to visualize and understand how changes relating to regulatory compliance will affect the organization before they happen.
A centralized repository:
Our products provide a central repository for the ideas, designs, discussions, requirements, tasks, and other information that team members must readily access. All valuable intellectual property—from programs in the wide variety of languages available today such as Java, RPG, Cobol, C++, XML, Fortran, Visual Basic, C, HTML, JCL, and .Net to a diversity of modules, graphics, views, documents, tables, stored procedures, triggers, and project files—are secured within a repository to prevent loss and unauthorized access. A consolidated inventory ensures synchronization between platforms, reduces management overhead, and defines a manageable and repeatable process.
Ongoing regulatory and standards compliance:
platforms and teams; tracks and verifies service level agreements; and boosts compliance efforts. In coordinating all elements of IT service delivery, LM offers a vital process maturity strategy. LM also improves efficiency and control when building and delivering development projects. With our products, even remote software development is easily coordinated with local development efforts, resulting in seamless project management. Integrated monitoring, tracking, auditing, reports, and dashboards all help managers keep projects on schedule.
Release management:
When a team begins managing applications that impact the entire enterprise, it is useful and often necessary to manage different versions or releases that might be in development at the same time. Our products allow an enterprise to manage multiple software versions and releases simultaneously.
Market validation:
In fact, we have been guiding companies through compliance for years, from meeting ISO standards to industry-specific issues such as HIPAA and 21 CFR Part 11. The majority of our customers occupy the following highly regulated industries: Banking and Financial Services; Communications; Insurance; Manufacturing; Medical and Pharmaceutical; Retail; Transportation.