Print this article

Comments

Email this article

Compliance is a very broad term. At the top level, one can divide it into two categories: business related compliance such as adherence to service level agreements;

regulatory compliance such as adhering to Sarbanes-Oxley Act, the USA PATRIOT Act, or industry-specific regulations such as Basel II for banks, or HIPAA in healthcare.

In most discussions, compliance refers mostly to the latter. Though there are industries other than the traditionally regulated ones like banking, finance and pharmaceuticals that are showing interest, investments are due to regulatory enforcements.

A McKinsey article based on the firms study of CIO spending last year noted that, "they (CIOs) are enhancing the finance and accounting modules of their ERP systems to comply with governance regulations such as Sarbanes-Oxley." That is the basic minimum though. However, in realistic terms, thats where current investments are taking place. A CFO magazine research earlier found that finance executives call for improving their existing ERP systems and processes that support regulatory compliance efforts, instead of looking at new classes of technology.

A Holistic Approach
While the initial response to meet with compliance requirements was more of a patchwork approach, today there is a significant market for what are called compliance solutions.

According to MR firm, The Radicati Group, "The compliance market is shared by anti-spam, e-mail archiving, IM management and pure-play vendors. The total worldwide market value of these solutions is expected to reach over $674 mn in 2007, and grow up to $2.4 bn by 2011."

EMC, which has now popularized the phrase Information Lifecycle Management, was an early pioneer. The firm introduced the Centera Compliance Edition way back in 2003. It bundled storage hardware and data management software that addressed compliance markets for HIPAA, SEC Rule 17a-4, and 21CFR Part 11. It then added SOX too. IBM joined the race later by introducing the IBM TotalStorage Data Retention system.

But these were largely storage-centric data management solutions. The scope since then has expanded to include business process management, enterprise content management as well as risk management and governance. Forrester tracks this market calling it GRC or Governance, Risk and Compliance platform market and predicts that from $590 mn in 2006, this market will grow to $1.3 bn by 2011.

Forrester identifies four areas that these solutions must address: Policy, procedure, and control documentation; Risk and control assessment; Risk analytics; Loss, event, and investigations management.

In 2006, Forrester identified Axentis, BWise, IBM, and QUMAS as leaders, from among ten suppliers. Of late, IT service providers such as TCS, Wipro, and HCL have aggressively targeted this space.

In India, it is still very early days! With India becoming a major base for the pharma industry, this market is likely to pick up. But, the biggest opportunity lies within the Indian outsourcing industry. Dealing with clients from multiple segments geographies require them to comply with a variety of regulations.

Shyamanuja Das
shyamanujad@cybermedia.co.in

Page(s)   1