© 2005 Princeton Softech, Inc. Managing Oracle Data to Support Compliance Initiatives Alan Schneider GCOUG January 18, 2006 Overview of Best Practices and Best-in-Class Solutions


Managing Oracle Data to Support Compliance Initiatives

Alan Schneider

GCOUG

January 18, 2006

Overview of Best Practices and Best-in-Class Solutions


Today’s Discussion

Princeton Softech and Oracle

Challenges of Data Growth and Retention Compliance

Best Practices in Managing Oracle Data
- Establishing Functional Policies and Service Levels
- Managing archive and retention processes

About Princeton Softech
- Optim™ Solution Capabilities


Challenge: Database Growth


What’s Driving Data Growth?

High-volume online transaction processing:
- Customer facing eCommerce applications
- ERP/CRM
- Supply chain applications

Record retention requirements:
- Financial Services – Sarbanes-Oxley
- Healthcare – HIPAA
- Pharmaceutical – 21 CFR 11
- Financial – IRS and SEC Rule 17a-4

Multiplicity of data:
- Multiple operational, development and testing environments
- Disaster recovery and business continuity
- Routine backup and recovery


Data Retention Example

SEC Rule 17a-4
- Retain records for six years from close of account or termination of associated employees
- Keep records in an "easily accessible place"
- Produce records immediately if the records are located in the office where the request is made
- Produce records within three business days if the requested records are located off-site
- Display requested records electronically in a local office and immediately produce printed copies to satisfy Rule requirements


Archiving E-Business Suite Transactions

1. Identify the business parameters that will drive an archive

2. Establish service levels for archive access by functional users

3. Place archived data in the appropriate storage medium

4. Provide the appropriate archive access interface

5. Select from multiple tool options available

6. Document improvements


Establishing Functional Business Policies

Develop a channel of internal communications on functional retention policies

- Ensure functional business users understand the needs and costs of long-term, compliance-driven retention

- Conduct annual training on retention policies and procedures

Ensure that the technical teams preserve the functional requirements in their archive implementation

Ensure that your technical staff is comfortable with archive retention mechanisms


Driving Retention Aspects of Compliance

- Internal controls and best practices
- Business unit accountability
- Real-time monitoring and disclosure
- Consistent and sustained access to historical transactions


Preparing for Retention Oriented Compliance

Step 1: Develop functional archive policies

Step 2: Define those policies to an archive product and storage architecture

Step 3: Don’t forget about process


Step 1: Business Policies Drive Archiving

Identify applications that manage regulated data

Build consensus among stakeholders on retention and retrieval:
- Business owners, application developers, storage
- Include CFO, legal, compliance, security

Document your business policies:
- Types of data (Active, Inactive/Historical, Reference)
- Processes for Archiving, Viewing, Retrieving Objects
- Processes for Compliance and Disposal


Functional Requirements for Archive

| Application | Retention (Years) | Archiving | Recovery / Access Requirements | Lead Time | Type of Data to Archive |
|---|---|---|---|---|---|
| GL | 3 | Yearly | Audit; Trend analysis | Y | Ledgers, Journals, fully posted |
| AP | 3 | Yearly | Audit; Trend analysis | Y | Vouchers, Payments, fully paid and posted |
| AR | 3 | Yearly | Audit; Trend analysis | Y | Invoices, items |
| Billing | 3 | Yearly | Audit; Trend analysis | Y | Invoices |
| Billing Interface | 1 | Quarterly | Troubleshooting | Y | Billing input |
| AM | 3 | Yearly | Audit; Trend analysis | Y | Retired assets |
| AM Interface | 1 | Quarterly | Troubleshooting | Y | Asset input, GL interface |
| Payroll | 2 | Yearly | Audit | Y | Paycheck processing data and balances |


Define Retention Policies at Business Layer

Order Management: Archive Orders for any Order Type, Order Category, Customer, Order Numbers, Order Dates, Creation Date values

Purchase Order: Archive Blanket Agreements and Purchase Orders by a specified Last Activity Date

Work in Process: Archive Discrete Jobs and Repetitive Schedules for any Accounting Period

Accounts Receivable: Archive Transactions (other than transactions applied to commitments) posted to General Ledger or prior to a Cut Off Date value


Archive Templates Know E-Biz Data Model


Align Service Levels with Business Use

Functional Usage / Access Requirements Over Time

| Functional Data | Frequent and Intuitive Access (Self-Help) | Infrequent Ad-Hoc, Query-based Access (via Query) | Exception-based Reference/Spreadsheets (24-hour IT response) | Complete Deletion (Dictates storage planning) |
|---|---|---|---|---|
| Ledgers (GL) | Current – 2Y | Years 3 – 5 | Years 6 – 10 | Year 11 |
| Journals (GL) | Current – 2Y | Years 3 – 5 | Years 6 – 10 | Year 11 |
| Vouchers (AP) | Current – 2Y | Years 3 – 5 | Years 6 – 10 | Year 11 |
| Payments (AP) | Current – 2Y | Years 3 – 5 | Years 6 – 10 | Year 11 |
| Invoices (AR) | Current – 2Y | Years 3 – 5 | Years 6 – 10 | Year 11 |
| Items (AR) | Current – 2Y | Years 3 – 5 | Years 6 – 10 | Year 11 |
| Invoices (BI) | Current – 2Y | Years 3 – 5 | Years 6 – 10 | Year 11 |
| Billing Input (BI) | Current Year | Year 2 | Years 3 – 10 | Year 11 |
| Retired Assets (AM) | Current – 2Y | Years 3 – 5 | Years 6 – 10 | Year 11 |
| Asset Input (AM) | Current Year | Year 2 | Years 3 – 10 | Year 11 |


Predefined Business Integrity Checks

1. Archive Transactions together with related adjustments, credits, reversals, calls, sales credits, and receipts

2. Closed transactions include zero-balance invoices, zero-balance debit memos, fully applied credit memos, charge-backs, cash receipts, as well as approved and applied adjustments

3. Receipts must be fully applied and related only to the transactions eligible for purge:

- Status of AR_CASH_RECEIPT_HISTORY must be ‘Cleared’, ‘Risk_Eliminated’, or ‘Reversed’

- Debit memo reversals require a reversal date
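The integrity checks above, modeled as a fixed-point computation over transactions and the receipts applied to them. This is an added example, not Princeton Softech's or Oracle's code; the record fields (`balance_cents`, `unapplied_cents`, `applied_to`, `debit_memo_reversal`) and the sample data are assumptions and not the E-Business Suite schema.

```python
from dataclasses import dataclass
from typing import Optional

# Receipt history statuses the slide allows for purge.
PURGEABLE_STATUS = {"Cleared", "Risk_Eliminated", "Reversed"}

@dataclass(frozen=True)
class Trx:                        # hypothetical record shape
    trx_id: str
    balance_cents: int            # 0 = closed (zero-balance)

@dataclass(frozen=True)
class Receipt:                    # hypothetical record shape
    receipt_id: str
    history_status: str
    unapplied_cents: int          # 0 = fully applied
    applied_to: frozenset         # trx_ids this receipt is applied to
    debit_memo_reversal: bool = False
    reversal_date: Optional[str] = None

def receipt_ok(r, eligible):
    """Rule 3 for one receipt, given the current eligible transaction set."""
    return (r.history_status in PURGEABLE_STATUS
            and r.unapplied_cents == 0
            and (not r.debit_memo_reversal or r.reversal_date is not None)
            and r.applied_to <= eligible)

def purge_eligible(trxs, receipts):
    """Return (trx_ids, receipt_ids) that can be archived and purged together."""
    eligible = {t.trx_id for t in trxs if t.balance_cents == 0}   # rule 2
    changed = True
    while changed:                # blocking one trx can disqualify a shared
        changed = False           # receipt, so repeat until nothing changes
        for r in receipts:
            blocked = r.applied_to & eligible
            if blocked and not receipt_ok(r, eligible):
                eligible -= blocked
                changed = True
    moved = {r.receipt_id for r in receipts
             if r.applied_to and r.applied_to <= eligible}        # rule 1
    return eligible, moved

def sample():
    """Constructed data: only INV-1 / R-1 pass every check."""
    trxs = [Trx("INV-1", 0), Trx("INV-2", 0), Trx("INV-3", 500),
            Trx("INV-4", 0), Trx("INV-5", 0), Trx("INV-6", 0)]
    f = frozenset
    receipts = [
        Receipt("R-1", "Cleared", 0, f({"INV-1"})),
        Receipt("R-3", "Cleared", 0, f({"INV-2", "INV-4"})),   # blocked via INV-2
        Receipt("R-2", "Cleared", 0, f({"INV-2", "INV-3"})),   # INV-3 still open
        Receipt("R-4", "Confirmed", 0, f({"INV-5"})),          # status not allowed
        Receipt("R-5", "Reversed", 0, f({"INV-6"}), debit_memo_reversal=True),
    ]
    return trxs, receipts

if __name__ == "__main__":
    print(purge_eligible(*sample()))
```

INV-4 is closed and its own receipt is clean, yet it stays in production because that receipt is also applied to INV-2, which is tied to an open invoice; a single pass over the receipts would miss this.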


Step 2: Define the Storage Architecture

Technical Safeguards (Security)

Data integrity safeguards
- Access controls – authentication, authorization
- Recording media (WORM media or subsystems)
- Secure audit trails, duplicate copies, etc.

Data privacy safeguards
- Access controls – authentication, authorization
- Data encryption
- Access logs, audits and reports

*Exact requirements depend on regulatory environment


Storage Goals and Criteria

Goals:
- Cost effective
- Easy to manage and scale
- Ensure accessibility for many years

Selection Criteria:
- Storage capacity
- Availability
- Manageability
- Performance
- Cost

Existing storage technology to be combined with new storage technology (e.g. ATA disk storage) to help reduce cost.


Step 3: Don’t Forget About Process

Important regulatory requirements specify that the data must remain unaltered and accessed only by the proper individuals.

Accessibility, storage and audit policies each result in a specific set of processes that govern their maintenance and education.

Consistent, repeatable, controlled, documented archive and access methods and tools


Summary of Advice

Recognize that IT owns Infrastructure, but the Business owns the data

Improve functional processes by tiering services by functional need

- Higher service levels on current transactions
- Lower-cost, lower service levels on historical transactions

Limit liability by ensuring real-time compliance controls are sustained and documented in your historical retention processes and tools

- Respond quickly and accurately to audit requests
- Reduce costs of discovery


About Princeton Softech

Proven leader in Enterprise Data Management
- Solving complex data management issues since 1989
- In-depth functional knowledge of mission-critical applications and the business rules that govern them
- Over 2,200 customers worldwide
  - Including nearly half of the Fortune 500
- Only true enterprise solution: across applications, databases, hardware platforms and operating systems


Princeton Softech and Oracle

Only Oracle partner offering a single, consistent archive solution across entire Oracle stack
- E-Business Suite, PeopleSoft Enterprise, JD Edwards EnterpriseOne, Retek, Siebel
- All custom and packaged applications running on Oracle databases

Provides a safe, secure path to Project Fusion

Accelerated deployment of integrated Oracle partner solutions

Repeatable experiences through pre-defined and fixed-scope services

Highest quality skill sets and bench strength to augment your project teams, if desired

RESULT: no shelf-ware, no surprises!


Princeton Softech Optim™

Provides a single solution for managing enterprise application data throughout every stage of the information lifecycle

Applies business rules and automates processes that govern how to assess, classify, archive, subset, access, store and protect enterprise application data

Supports and scales across applications, databases, operating systems and hardware platforms

Optimizes the business value of your IT infrastructure


Princeton Softech Optim™


Support for E-Business Suite

• Support for Oracle Applications versions 11.0 & 11i
• Financials
• Manufacturing
• Supply Chain
• Human Resources
• Projects

• Transparent access to data via standard Oracle Applications forms and reports

• Pluggable archiving framework designed to support predefined archive templates and local customizations

[Diagram labels: Transaction Processing, Reporting, Audit, Archive, Retrieve]


Self-help Access to Archived Data

• Seamless access to BOTH archived and production data via Oracle Applications

• Leverages “Responsibility” to access data, using standard Oracle forms and reports

• Steps to view archived data:
- Login
- Select Responsibility
- Access archived data, production data or BOTH

[Diagram labels: Production Data, Archived Data]


Audit-Ready Snap-Shot

Preserves transactions’ business integrity without variance

- Metadata preserved with archive

Complete business object archiving

- Business reference data contained with purged data

Future-proofing through consistent and agnostic deployment

- Across application vendors
- Across application versions
- Across database vendors
- Access archives independently from native application

Enables decommissioning and migrations

- Single Archive process for both self-help (transparent) and snap-shot query (audit) access


Access Archive Snap-shots for Audit

Only Princeton Softech has complete business objects archived for reporting based access stand-alone from any application version or front-end

Choice of:
- Discoverer
- SQL
- Reports
- Database reporting tools

Product enables each access method, without reconfiguring the archive product.

Most customers tier access to archives based on age and status of business transactions, and will eventually seek to replace transparent access with report based access to older archives

- Plan on eventually archiving the archive – re-use!


Results from Oracle Sites

VOLT Information Sciences
- Segregated 250 GB of a 500 GB database by age and status
- Key functional processes now running 25% to 300% faster
- Upgrade run-time reduced from 140 to 50 hours

Bausch and Lomb
- Financial reporting 50% faster

AIMCO
- Implemented and in production in 2 months – by one staffer, part-time project

Giant Eagle
- Archiving generated a first-year ROI that exceeded their investment in archive software and labor

Other Customers
- ADVO, AVX, Boeing, State of Georgia


Princeton Softech: Customers
