1. Project Tasks

1. List applicable regulations and identify internal objectives.

   Start with the laws that concern everybody, such as tax legislation (e.g., about preserving records of tax-deductible expenses). Add rules governing your particular activities (e.g., about documenting the whereabouts of dangerous materials). Identify the data that matter most from a regulatory point of view.

   Relate these data to factors that influence financial or operational performance (e.g., using the expense records to plan future purchases to be "just-in-time"). This is where you recognize the double use of the information.

   RK-1  Checklist of Regulatory and Other Data Uses  $12.50
2. Define how the data will be used.

   Define how the information will be retrieved from storage. Include the outputs required by regulatory compliance and those that serve your internal goals. Aim to create a direct action, instead of just printing reports that need to be read before anything can happen.

   Define how the data will be placed in storage. Aim for direct feeds by sensors, instead of keyboard entry, scanning, or another way that involves potential delay and error.

   RK-2  Model of Record Keeping Activities  $8.50
3. Define how the data will be stored.

   Think of electronic and physical storage, the information they contain, and how the different pieces relate to each other.

   RK-3  Model of Record Keeping Data  $4.50
4. Design policies and controls.

   Write the policies that state the rules you want your organization to follow. Then choose controls that protect the data at its entry into the system, during its storage, at its output, and even later, to prevent tampering with the output. Aim for end-to-end automation and real-time data control.

   RK-4  Checklist of Policies and Controls  $2.50
5. Implement the solution.

   Develop and activate the manual and automated aspects of the operations.

   RK-6  Roles and Responsibilities  $4.50
   RK-7  Simple, Manual Log  $8.50

to top | to bottom

2. Project Management

1. Plan.

   Decide how high to aim. What are the priorities and deadlines?

2. Organize.

   Gain access to legal and technical expertise if it is not already available.

3. Execute.

   Keep track of progress against the major success criteria:

   • How many compliance goals do you meet?
   • How many internal goals do you serve?
   • How many safeguards do you implement?
   • How often do you exploit data for more than one goal?

     This can mean a compliance and an internal goal or two compliance goals, if two regulations concern the same information.