D3 Security Management Systems |
  • Collaboration and Regulation: A Delicate Coexistence

    Posted by Clinton Kabler on Wednesday, May 27, 2009 4:39 PM

    In response to my last post, a reader posed the following:

    “Although an honorable ideal, can a software platform deliver collaboration in the GRC and Security realms where need-to-know regulations take precedence over the business need to efficiently share information with your colleagues?”

    In the spirit of full disclosure, a D3 customer posed the question.

    Upon consideration (and a search of the blogosphere), a trend emerged that involved a series of questions the potential collaborators must answer in relation to their proposed collaboration and the enabling software (paraphrased):

    1. What data in the collaboration set is considered “need-to-know”?

    2. Which “need-to-know” regulations apply?  Examples include one or a combination of Payment Card Industry (PCI), Safe Harbor (European Commission’s Directive on Data Protection) or California Senate Bill 1386.

    3. Which collaborators “need-to-know” the regulated information?

    4. Do exemptions apply for legal or public safety issues?  Do those exemptions apply to the potential collaborators?

    5. Does an audit trail exist?

    6. Does the software allow configuration of field-level access controls by user “need-to-know” privileges?

    By answering the above questions, I believe organizations can strike a balance between satisfying the regulatory requirements of multiple jurisdictions and solving the business need for rapid collaboration among colleagues and business functions that collaborative software can provide. Moreover, the ROI inherent when multiple business functions solve a business need by leveraging a single software solution strengthens the argument for collaboration and convergence, and the software simply becomes an enabler.

    Categories: questions, compliance, regulation
