For security, governance, risk and compliance professionals, repeatable and discoverable case management, tamper proof audit trail and electronic chain of custody compose minimum requirements for the incident reporting and case management process. Yet, a consistent frustration surfaces in meetings with Security and GRC professionals – the inability to generate the graphical and tabular analytics required by senior management.
In some cases, limitations exist in the business intelligence methodology leveraged by a particular tool. More commonly, poor data quality hinders the effectiveness of business intelligence. The Achilles’ heel of Enterprise 1.0 solutions is data quality. Because Enterprise 1.0 solutions rely upon a programmable architecture that requires programmers and consultants to customize, change is labor intensive making data collection static. On the other hand, Enterprise 2.0 solutions rely upon a configurable architecture that eliminates the consultants and programmers and places the business user in control of a dynamic process. As a result, the business user controls the data collected and configures the data collection fields to match his or her environment. With a configurable platform, the term “user defined fields” becomes obsolete because all fields are user definable.
For the incident reporting and case management process, a telecommunications giant, retail firm and healthcare provider have divergent data collection requirements. Moreover, the data collection requirements of a corporate security professional differ from those of the human resources professional. Enterprise 2.0 architecture enables organization and function specific data collection through a solution configured by the business user. By configuring data collection fields that are relevant to both the organization and the function, data quality improves. Thus, a configurable platform leveraged by empowered business users delivers better data quality, improving analytics.
Other keys to better data quality and improved analytics include:
1. Use of defined field options
2. Use of dynamic field options where present choice drives future option
3. Ability to designate any field as “required upon submit”
4. Ability to designate any field as “required upon close”
5. Use of field-level data format controls (e.g. telephone, postal code and currency)
6. Leveraging web service requests to third-party applications that already contain reliable data