Global Compliance Activities Require New Approach to Forming Corporate Technology DNA

A recent conversation with Prime Magazine spurred my thinking about the incredible complexity of regulations which High Tech & Electronics companies must comply with during their production of market leading products. Every new regulation – no matter whether they are financial (Sarbanes-Oxley), environmental (WEEE/RoHS), based on individual privacy (HIPAA), or security (ITAR)—impacts manufacturers.

And let us not forget that these companies operate globally, adding yet one more layer of complexity to their compliance operations. Companies which sell globally need to ensure that they understand and abide by the regulations for each country or region in which they do business. Furthermore, the complex supply chains which often span the globe mean that the responsibility for compliance is shared among many partners, both inside and outside the company.

Imagine a product being sold in Germany. This product is designed jointly in the US and Japan, and assembled in Taiwan from components manufactured in China and Vietnam. The product(s) thus sold would have to abide by the environmental standards WEEE and RoHS. And the manufacturer would be on the hook for compliance by its supply chain to these standards. On top of that, if any of the design could conceivably be used for a military application, the control of access of some of the engineering information would be impacted by the US ITAR regulations.

The challenges occur because many businesses weren’t originally set up to operate globally. Many enterprises contain separate (sometimes disparate) systems in each of their business units. We call these ‘silos’ of information. Collecting information from each silo can be torturous, if not impossible sometimes. Further, most members of a global supply chain possess very little in the way of formalized systems at all, making the required tracking of such information to be a nightmare.

There are so many regulations at so many different levels that only through automation can compliance be assured. Manufacturers that deploy the right technologies can greatly reduce their exposure to violations of regulations and the financial consequences thereof. Further, they can greatly reduce the cost of compliance by automating the collection of information needed to measure compliance.

Among Microsoft’s solutions for compliance are Rights Management Services (RMS) to control document access, SharePoint for a controls and compliance workspace, SQL which provides a secure and reliable platform for securing data.

We at Microsoft regard regulatory compliance as a journey and our approach adopts both the softer aspect as well as technological aspect. We focus on enabling our clients through our vision of building a holistic risk management and compliance culture, environment and infrastructure.

Here’s a link for more information on Microsoft and compliance, and the Prime Magazine article I referred to at the beginning can be found in this issue. – Craig Rode | Industry Technology Strategist, High Tech & Electronics - World Wide | Microsoft Corporation