Can software ever make you compliant?
Everyone is playing by different rules
Words like compliance and governance are frequently bandied about as if there are universal, agreed, common standards for everything, and at Quadrotech we’re frequently asked if our products are compliant with a particular policy.
The short answer is that our software can help you achieve compliance, but it can’t do so by itself.
Some industries may be more highly regulated than others, and regulations are not necessarily the same across each one. Take a public sector organization, for example. It has to adhere to government-imposed rules and regulations that are likely to differ significantly from those that apply to a private sector company, especially in areas like healthcare or finance. And then there are various freedom of information or data protection laws in force across different territories.
As if these variables weren’t enough, throw software – which manipulates and/or moves data – into the mix, and organizations understandably need reassurance that this will not cause them any issues with regulators or internal guidelines and policies.
Compliance can be achieved by different methods
Let’s look at one regulation as an example: the UK’s Data Protection Act.
The Act states that the company holding the data needs to take ‘reasonable’ steps to protect that data against loss or tampering, and that there must be an audit trail available so origin and life-cycle can be measured. The data also needs to be searchable, be retained for a certain amount of time, and certain personally identifiable data needs to be made available on request.
What the Act doesn’t say is that you need to use a certain methodology to back up the data in a specific way. Neither does it say you need to migrate data from A to B using a predetermined procedure and a special algorithm. These points are open to interpretation to a certain extent, making it sometimes more confusing for CIOs or compliance officers to ensure that their organizations are, in fact, compliant.
Software does what you tell it to
With that in mind, can software – any software – be natively compliant?
As a general rule, I’d say the answer is no. There might be exceptions for very basic applications that cannot be configured in any meaningful way and that are only designed to perform a single task. But as soon as you add anything configurable, your software becomes susceptible to human error and wrongful set-up.
What software can do is help organizations BECOME compliant by supporting what are sometimes vague policies with appropriate configurable workflows, reporting and preservation of the Chain of Custody, for example.
Quadrotech products are intentionally highly customizable. In this way they help customers with a variety of compliance tasks related to the main objective of migrating the email ecosystem. ArchiveShuttle, PST FlightDeck and MailboxShuttle allow customers to tailor process workflows to support any policies they need to adhere to.
So, having the right software can help with compliance while achieving other business goals efficiently and reliably. The question you should ask before purchasing your software is not “will this make me compliant?” but “how can this help me become compliant?”