Global Regulatory Information Database (Compliance GRID)
From Wikipedia, the free encyclopedia
The Global Regulatory Information Database (Compliance GRID) is an "open database of rules, regulations, standards, and government guidance" documents that require IT action, and a survey of the regulatory climate around the world.
Overview
It is being developed by ORCA, a working group of OMG (Object Management Group) members who are committed to codifying and promoting IT best practices for regulatory compliance, and to developing resources for IT professionals dealing with regulatory compliance requirements. The goal of the GRID project is to provide the de facto compliance reference guide for global IT managers. The GRID will be searchable by vertical market and geography, and linked to the ORCA vendor directory, enabling users to determine:
- Which regulations apply to a particular firm?
- What are the best practices for compliance with these rules?
- What is the impact of mergers/acquisitions that involve new markets or geographies?
- Who can help with associated products and services?
Given the enormous scope of the project, and the fact that many of the rules and resulting practices are in a constant state of flux, the only practical way to build such a repository is to make it open. ORCA is therefore actively building a supporting community and soliciting input from users and vendors who would benefit from its creation, but who individually could not afford the considerable expense. Much like the venerable Oxford English Dictionary, which continues to gather definitions and usage of words from a global team of volunteers while managing the process and ensuring quality with a central team of editors, the GRID project has a core group that will vet submissions from a wide-ranging team of contributors. The first release will focus on the banking vertical, and include rules from over 20 countries worldwide.
When used in conjunction with the emerging compliance standards being developed by OMG members, the GRID will ultimately facilitate automation of IT compliance tasks. Such automation will result in lowered costs and risks for IT across industries and geographies.
Quality of information
While members of the OMG ORCA team create and review submissions to the repository, they also depend on participation from users and sponsors. As experience with open source software has proven, opening the process of intellectual property development to public scrutiny and holding contributors accountable for their contributions can result in a high quality process for delivering useful content. The process leverages a combination of dedicated staff, sponsors’ staff and volunteers.
Corporate sponsors and individuals may participate in the development of the Compliance GRID. Sponsors pay an annual fee, and may maintain private copies of the GRID for internal use. Individuals are invited to contribute new and revised entries and use the public copy of the GRID on the OMG-ORCA site.
Types of information needed
Regulatory climate within a jurisdiction of interest
- Current environment and notable litigation/judicial decisions for IT Governance and Risk Management
- Spam, Data Privacy & Transfer
- Security & Safety of IT Systems and Infrastructure
- Business Resiliency (including BCP/DRP/Data Retention & Secrecy)
- Electronic Transactions & Digital Signatures
- Networks & Firewall Policies
Rules
"Rules" is interpreted to include legislation, regulations, frameworks, standards, and guidance documents in their language of publication. Each rule entry includes:
- Name and Rule reference (URL or text)
- Type [Legislation | Regulation | Framework | Standard | ... ]
- Regulatory and enforcement organization names (SEC, FSA, ...)
- Life-cycle status (proposed/pending, active, expired, superseded)
- Jurisdiction name/type (e.g. USA, NY, EU, NATO, ... / country, state, treaty, NGO, ...)
- Dates (written, effective, expiration, ...)
- Vertical market/industry [ SIC | NAICS ]
- Comments