Managing Oracle Data to Support Compliance Initiatives
Overview of Best Practices and Best-in-Class Solutions
Alan Schneider, GCOUG, January 18, 2006
Today’s Discussion
• Princeton Softech and Oracle
• Challenges of Data Growth and Retention Compliance
• Best Practices in Managing Oracle Data
• Establishing Functional Policies and Service Levels
• Managing archive and retention processes
• About Princeton Softech
• Optim™ Solution Capabilities
What’s Driving Data Growth?
• High-volume online transaction processing:
  • Customer-facing eCommerce applications
  • ERP/CRM
  • Supply chain applications
• Record retention requirements:
  • Financial Services – Sarbanes-Oxley
  • Healthcare – HIPAA
  • Pharmaceutical – 21 CFR 11
  • Financial – IRS and SEC Rule 17a-4
• Multiplicity of data:
  • Multiple operational, development and testing environments
  • Disaster recovery and business continuity
  • Routine backup and recovery
Data Retention Example
• SEC Rule 17a-4
  • Retain records for six years from close of account or termination of associated employees
  • Keep records in an "easily accessible place"
  • Produce records immediately if the records are located in the office where the request is made
  • Produce records within three business days if the requested records are located off-site
  • Display requested records electronically in a local office and immediately produce printed copies to satisfy Rule requirements
Archiving E-Business Suite Transactions
• Identify the business parameters that will drive an archive
• Establish service levels for archive access by functional users
• Place archived data on the appropriate storage medium
• Provide the appropriate archive access interface
• Select from multiple tool options available
• Document improvements
Establishing Functional Business Policies
• Develop a channel of internal communications on functional retention policies
• Ensure functional business users understand the needs and costs of long-term, compliance-driven retention
• Conduct annual training on retention policies and procedures
• Ensure that the technical teams preserve the functional requirements in their archive implementation
• Ensure that your technical staff is comfortable with archive retention mechanisms
Driving Retention Aspects of Compliance
• Internal controls and best practices
• Business unit accountability
• Real-time monitoring and disclosure
• Consistent and sustained access to historical transactions
Preparing for Retention-Oriented Compliance
• Step 1: Develop functional archive policies
• Step 2: Define those policies to an archive product and storage architecture
• Step 3: Don’t forget about process
Step 1: Business Policies Drive Archiving
• Identify applications that manage regulated data
• Build consensus among stakeholders on retention and retrieval:
  • Business owners, application developers, storage
  • Include CFO, legal, compliance, security
• Document your business policies:
  • Types of data (Active, Inactive/Historical, Reference)
  • Processes for Archiving, Viewing, Retrieving Objects
  • Processes for Compliance and Disposal
Predefined Business Integrity Checks
• Archive transactions together with related adjustments, credits, reversals, calls, sales credits, and receipts
• Closed transactions include zero-balance invoices, zero-balance debit memos, fully applied credit memos, charge-backs, cash receipts, as well as approved and applied adjustments
• Receipts must be fully applied and related only to the transactions eligible for purge:
  • Status of AR_CASH_RECEIPT_HISTORY must be ‘Cleared’, ‘Risk_Eliminated’, or ‘Reversed’
  • Debit memo reversals require a reversal date
Step 2: Define the Storage Architecture
• Technical Safeguards (Security)
  • Data integrity safeguards
    • Access controls – authentication, authorization
    • Recording media (WORM media or subsystems)
    • Secure audit trails, duplicate copies, etc.
  • Data privacy safeguards
    • Access controls – authentication, authorization
    • Data encryption
    • Access logs, audits and reports
*Exact requirements depend on regulatory environment
Storage Goals and Criteria
Goals:
• Cost effective
• Easy to manage and scale
• Ensure accessibility for many years
Selection Criteria:
• Storage capacity
• Availability
• Manageability
• Performance
• Cost
Existing storage technology to be combined with new storage technology (e.g. ATA disk storage) to help reduce cost.
Step 3: Don’t Forget About Process
• Important regulatory requirements specify that the data must remain unaltered and accessed only by the proper individuals.
• Accessibility, storage and audit policies each result in a specific set of processes that govern their maintenance and education.
• Consistent, repeatable, controlled, documented archive and access methods and tools
Summary of Advice
• Recognize that IT owns Infrastructure, but the Business owns the data
• Improve functional processes by tiering services by functional need
  • Higher service levels on current transactions
  • Lower-cost, lower service levels on historical transactions
• Limit liability by ensuring real-time compliance controls are sustained and documented in your historical retention processes and tools
• Respond quickly and accurately to audit requests
• Reduce costs of discovery
About Princeton Softech
• Proven leader in Enterprise Data Management
• Solving complex data management issues since 1989
• In-depth functional knowledge of mission-critical applications and the business rules that govern them
• Over 2,200 customers worldwide
  • Including nearly half of the Fortune 500
• Only true enterprise solution: across applications, databases, hardware platforms and operating systems
Princeton Softech and Oracle
• Only Oracle partner offering a single, consistent archive solution across entire Oracle stack
  • E-Business Suite, PeopleSoft Enterprise, JD Edwards EnterpriseOne, Retek, Siebel
  • All custom and packaged applications running on Oracle databases
• Provides a safe, secure path to Project Fusion
• Accelerated deployment of integrated Oracle partner solutions
• Repeatable experiences through pre-defined and fixed-scope services
• Highest quality skill sets and bench strength to augment your project teams, if desired
• RESULT: no shelf-ware, no surprises!
Princeton Softech Optim™
• Provides a single solution for managing enterprise application data throughout every stage of the information lifecycle
• Applies business rules and automates processes that govern how to assess, classify, archive, subset, access, store and protect enterprise application data
• Supports and scales across applications, databases, operating systems and hardware platforms
• Optimizes the business value of your IT infrastructure
Support for E-Business Suite
[Diagram labels: Transaction Processing, Audit Reporting, Retrieve, Archive]
• Support for Oracle Applications versions 11.0 & 11i
  • Financials
  • Manufacturing
  • Supply Chain
  • Human Resources
  • Projects
• Transparent access to data via standard Oracle Applications forms and reports
• Pluggable archiving framework designed to support predefined archive templates and local customizations
Self-help Access to Archived Data
[Diagram labels: Archived Data, Production Data]
• Seamless access to BOTH archived and production data via Oracle Applications
• Leverages “Responsibility” to access data, using standard Oracle forms and reports
• Steps to view archived data:
  • Login
  • Select Responsibility
  • Access archived data, production data or BOTH
• Preserves transactions’ business integrity without variance
• Metadata preserved with archive
• Complete business object archiving
• Business reference data contained with purged data
• Future-proofing through consistent and agnostic deployment
  • Across application vendors
  • Across application versions
  • Across database vendors
• Access archives independently from native application
• Enables decommissioning and migrations
• Single Archive process for both self-help (transparent) and snap-shot query (audit) access
Audit-Ready Snap-Shot
Access Archive Snap-shots for Audit
• Only Princeton Softech has complete business objects archived for reporting-based access stand-alone from any application version or front-end
• Choice of:
  • Discoverer
  • SQL
  • Reports
  • Database reporting tools
Product enables each access method, without reconfiguring the archive product.
• Most customers tier access to archives based on age and status of business transactions, and will eventually seek to replace transparent access with report-based access to older archives
• Plan on eventually archiving the archive – re-use!