« Re-engineered WebSphere Business Integration Advances IBM SOA Platform | Main | SOA -- Main Theme at Gartner Application Integration and Web Services Summit »

In early December, Pegasystems will introduce its Control and Compliance Framework. This is a framework for implementing all kinds of compliance solutions, including Sarbanes-Oxley, ISO 9000 or Investigational New Drug (IND) regulatory compliance.

There are four components of the solution:
• Control and Test Capability
• Exceptions Management
• Audit Facilitation Tools
• Change Tracking

These four components can be generalized for different types of compliance solutions.

The control and test capability includes a repository to catalog, organize and index all policies, procedures, and test plans. It centralizes the documentation for audit materials. The Testing Framework is part of this module. You can define how often to test and what operational controls need to be tested when. For example, companies may do full annual testing, and partial quarterly testing. The system sets up the testing spreadsheet, and records results into the test template. It supports working offline for parts of the test that are manual.

The exceptions management module initiates a remediation plan. Using business rules, the remediation can be assigned to one or more people. It also categories the severity of each anomaly, and monitors compliance rules for when different types of anomalies need to be remediated. For, material issues need to be remediated by end of following quarter. The application monitors every exception, and generates alerts as it approaches deadlines.

The audit facilitation tools module reports on who has access and permission to every module or system, which creates any financial report. The system automatically sends report to the system owner at defined intervals. It includes a snapshot of the system logs and attaches it to the re-approval process, so the business owner can see who is accessing the system. The system can also spawn exceptions (such as when someone who used to have access has moved on, but continues to have access), and can spawn a remediation plan.
The change tracking module tracks the process of system development and changes. It manages all the evidentiary documents for requirements documents and approvals, sign-offs source code reviews, and deployment and migration plans. It stores all the documents, and auditors can download them or they can be put on a CD for auditors to review them offline.

Most of the BPM vendors have focused on developing compliance solutions that implement and monitor specific processes, such as revenue recognition. This system is much more like a framework for implementing any type of compliance solution, by providing the essential services to ease the pain of compliance auditing.

For the past year, Pegasystems has focused exclusively on the BPM market, and providing solution templates for the finance, insurance and healthcare markets. This compliance solution is a horizontal framework that will work across industries and even different types of compliance solutions.

Posted by bethgb at 11:21 AM in Vendor Briefings | Digg This | Add to del.icio.us