In 
This way, compliance becomes another part of the process, rather than an additional and unwelcome drain o
Some mainframe clients view regulatory or legislative compliance as simply a new front in the battle to keep the lights on. Others, however, see an opportunity to improve efficiency and performance—and deliver innovation.
As sure as night follows day, data protection breaches, rate rigging, product misselling or other visible malpractice will provoke demands for tighter regulation of an industry—or a clampdown, to use the popular press vernacular. For many, clampdown and compliance are interchangeable terms and both equate to a big problem.
Compliance, clampdown both equate to a big problem
And a problem is what hard-pressed CIOs or IT managers get. Compliance can mean labor-intensive, resource-hungry tasks and a forensic deconstruction of their mainframe estate. Compliance is “lights on” labor, forcing CIOs to maintain business as usual in the face of overdue maintenance tasks and costs. Of course, organizations must invest in innovation to achieve or maintain a competitive advantage, but compliance is obligatory so something must give.
Compliance is “lights on” labor, forcing CIOs to maintain business as usual in the face of overdue maintenance tasks and costs
Suddenly, the innovative project to take your enterprise application to a new platform is a soft target. This compliance-induced stasis will continue feeding the organization’s IT debt.
Outsourcing compliance work—and the attendant legal responsibility—can mean a 93 percent project cost increase. So whether you pay a fine, do the work or pass it on, there’s a price to pay. If you want to move away from IT debt and toward innovation, compliance seems a pretty good place to start.
The Compliance challenge
More than 40 years of innovation means complexity. It’s left most organizations with an unwieldy IT estate of disparate, heterogeneous systems. It works—the business demands it—but it can be difficult to see how. Complexity makes understanding, prioritization, resourcing and change extremely difficult—yet compliance requires all four of those characteristics.
Ever attempted to recover something from your garage, shed or attic from beneath mounds of detritus? Like most CIOs, you will have wondered, “How did it get like this?” The answer is, “One good decision at a time.” This additional complexity increases cost and confusion when it comes to meeting compliance targets. Your architecture is what it is, and process inefficiency can be improved.
Let’s take the use of personal information as a representative example of a compliance issue. By taking a micro view on this area, we can shift to a macro view and see the bigger picture.
What is Personal Information?
Data privacy is not a new requirement. Regulation and legislation governing personal information and data management has been in place for some time. But with each breach comes a demand for tighter control. New measures are inevitable.
POPIA defines personal information as data relating to “an identifiable, living person.” But unit, integration, system and user acceptance testing all use real, production-derived data because doing so is simpler and reduces the risk of disruption to key systems. It’s an important part of the lifecycle of application changes.
Data volumes processed by business application systems could grow by 125 percent every year. Meanwhile, engineers, quality assurance, development staff and outsourced workers are all using unaltered production data for application development and testing work. Laptops full of this test data are being lost or stolen. We must get smarter about the way we use data.
Technology can help
Effective data management technology can deliver a repeatable, appropriate masking action for each sensitive element within the data without compromising its integrity or usefulness. It satisfies compliance guidelines and removes risk.
Equally, application intelligence technology delivered mass change programs for Y2K and the introduction of the Euro. Since the inception of the Single Euro Payments Area, banks in 32 European countries now share common processes, have reduced payment costs and improved processing times.
Their business analysts and developers have used application intelligence technology to make changes in targeted areas, so fresh regulatory demands become more of a tweak than a sea change. They’ve focused on small details—down to the code level—and are more efficient for it.
Integrated development environments (IDEs) can help to navigate complex applications, but application intelligence technology achieves the macro view required of a mass change program.
Successful change starts with understanding the required effort. While making and validating those changes can be cumbersome, smart IDE technology can streamline code changes, and help test and validate those changes without disrupting lights-on activities.
This way, compliance becomes another part of the process, rather than an additional and unwelcome drain on resources.
Crack the code
Organizations automating large-scale system change and test-data generation can go beyond compliance and extract real business value from their application investments. They can be compliant and more efficient. Adjusting processes to meet regulatory and compliance targets can be the catalyst to make improvements across the board—and surely get the blessing of the board.
There is no magic wand. Compliance isn’t a bug to be fixed and no one knows what the next tranche of regulatory obligations will be. But by regarding compliance as a force for good and unravelling mainframe complexity to meet regulatory demands, smarter development teams are releasing their IP and finding new agility.
Meeting the compliance challenge today can deliver innovation tomorrow.
Meeting the compliance challenge
Philosophy: Adopt a holistic, risk-based view. Replace checkboxes with transparency and process improvement.
Automate processes: Stronger application understanding and test data management will help improve risk management and IT responsiveness.
Focus on the small details: Identify and fix the problem at code level. If new legislation demands another search of your application knowledgebase, you will be ready.
Know your estate: Ongoing assessment of value and maintenance cost will extend the business value of your portfolio.
Add new comment