Making sense of the maze

The program director of regulatory compliance for the Object Management Group discusses a new project known as Compliance Global Regulatory Information Database, which should help businesses manage regulatory compliance demands across international busisness units.

With Adrian Bowles, Ph.D., Program Director, Regulatory Compliance, Object Management Group. The OMG Regulatory Compliance Alliance (ORCA) recently began a project known as Compliance GRID or Global Regulatory Information Database.

Question: What motivated the project?

Bowles: Over the past several years, clients from global firms kept asking similar questions. They were all variations on the theme "If my firm operates different types of businesses in multiple countries, how do I keep up with which rules apply to me, and how do I know what other people are doing to comply?" My thought was that the combination of a global repository for rules, combined with standards for modeling the rules to facilitate analysis of their IT impact, would enable automated answers to these questions. As a result, the OMG launched a regulatory compliance SIG last April to develop the modeling standards, and I began work on the basic model for an open repository while talking to prospective sponsors who would benefit from having access to this type of resource. IBM Global Services signed on as our first sponsor in December, and now we have a team working on development of the C-GRID. Of course, we're open to additional sponsors and actively seeking volunteers to contribute information, which we'll vet internally before posting.

More information on regulatory compliance

Get tips for complying with multiple regulations and contending with conflicts

Learn how to comply with Sarbanes-Oxley's evolving demands in SOX Security School

Question: Media coverage has mentioned the database will help customers resolve conflicts between regulations in different geographic markets. How will that be accomplished?

Bowles: When the C-GRID is released, users will be able to identify which rules apply to them and manually review the descriptions of IT requirements to detect conflicts. Ultimately, we expect this process to become automated by tool vendors who use the C-GRID and emerging OMG standards for regulatory modeling. This will enable a generation of compliance tools far more powerful than anything on the market today.

Question: Do you have a timeline for release? Are there mechanisms in place to update or modify the data when the need arises?

Bowles: We plan a first release, focused on financial services rules in 23 countries, in Q3. After that we'll tackle other vertical markets such as pharma and energy. We will continue to use a combination of volunteer resources, partners and internal staff to monitor changes that necessitate updates to the C-GRID.

This 3 Questions originally appeared in a weekly report from IT Business Edge.

This was last published in February 2006

Dig Deeper on Security audit, compliance and standards

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.