One of the great things about the revamped Gilbane.com web site is that the current and back issues of the report are now available for free. I say this as one of the current editors, but I also say it as a long-time reader and fan of the newsletter. There are some top-notch articles among the back issues, so I thought I would occasionally point to some of the articles, briefly extract them, and suggest the rest for further reading.
The first one I would like to higlight is a recent article, written by Glen Secor. Glen wrote our most recent article about DRM, Compliance: Make “DRM” A Part of the Solution.
Here, for instance, Glenn discusses how Enterprise Content Management and Digital Rights Management technologies relate to the issue of compliance.
In ECM and DRM systems, content is maintained in some sort of content repository (or database). The ECM system is relied upon to manage internal business rules governing access to and usage of content from the database. But the difference between ECM and DRM systems cannot be stated simply in terms of internal vs. external content flow: both involve the management of content that leaves the enterprise. Indeed, for some compliance needs, such as the sharing of financial data between a company and its outside auditors or the sharing of test results between a hospital lab and a remote clinic, secure information exchange is required for compliance purposes. We should not allow ourselves to get hung up on the differences between content sharing, such as the electronic communication of specifications to a vendor working on a piece of a technology product, and content distribution, such as the sale or licensing of MP3 files through an online music store. Both involve the movement of content from within the enterprise to users outside the enterprise and both require that the content outside the enterprise be secure, i.e. that access and usage be controlled.
Whatever difference exists in the nature of ECM and DRM, then, can be found in the fact that ECM systems deal with content both within and outside of the enterprise, while DRM deals primarily with distributed content. This difference aside, each must be able to address the three core needs expressed above (how the information is stored, who has access to the information and how they gain that access, and how the information can be used once accessed.)
In other words, each must be able to articulate and enforce the business rules that the enterprise applies to its content. If a system can do this, then it can handle any compliance need that arises: the key is in the effective writing of business rules to meet the compliance standard.
It’s worth reading the whole thing, which is available in both HTML and PDF formats.