While there hasn’t been a lot in terms of new releases this week, the ongoing problems in Iron Mountain are again in the spotlight, while research from both the not-for-profit ISACA, as well as SaaS GRC vendor Compliance 360, shows that compliance will be the major concern for enterprises in the coming 12 months. GRC was also mentioned at last week’s Oracle Collaborate conference.

Will Iron Mountain Sell Digital Business?

Last week, we reported that Iron Mountain (news, site) was going through some difficulties and that it was pulling out of the public cloud storage market. At the top of the company, there has been considerable turmoil with one of its major investors, the Elliot hedge fund, pushing for a change in the direction the company is taking.

This week, it seems there has been some kind of uneasy compromise aimed at calming troubled waters that makes concessions to shareholders, as well as some changes at board level.

However, from an information management perspective, it looks like there could be more changes on the way, with the possibility that Iron Mountain will sell its digital business entirely.

According to a statement issued by the company, Iron Mountain is now “…exploring strategic alternatives for its digital business, including a potential sale of the company’s digital archiving, e-Discovery and online backup and recovery solutions.”

Explaining the possible move, CEO Richard Reese, who only last week took over the position from Bob Brennan after moving from that position in 2008, said it was considering the sale as “…our digital business has faced a number of challenges from a rapidly changing environment..."

A strategic review of the business has been ongoing since last fall, the result of which is the conclusion that the company could not continue investing in technology investments and meet its return requirements.

He also said that it intended to meet “…customers’ digital information management challenges through partnerships.”

The company also noted that there is no assurance that “the exploration of strategic alternatives” for the digital business will result in any transaction.

Unfortunately, in this respect the statement doesn’t add much more and specifically rules out any further indications as to where it is going with this until a decision has been made. Whether this is the result of an internal problem, or a wider problem in a difficult market is not clear, but we should know in the coming months.

How Difficult are Application Upgrades?

GRC was also one of the topics that came up at Oracle’s Collaborate conference last week in relation to application upgrades and the best way to do them.

According to a survey carried out for the Oracle Applications Users Group, GRC management best practices are the most effective tools for mitigating the risks involved in upgrades.

An unspecified majority said that, by using formal GRC methodologies, they could streamline upgrades and minimize the risks, with 56% saying managing operational risk and business process control was a “critical key fact” in their decision to upgrade. Even so, 40% of those who responded said too much staff time is used managing compliance and risk issues. Interested in more?

Compliance is a Healthcare Problem

Meanwhile, Compliance 360 (news, site), which provides SaaS GRC software for enterprises, has released results of research that show how healthcare organizations are dealing with the growing body of regulatory processes that is now one of the biggest problems in the industry.

With input from hundreds of healthcare compliance professionals from across the US, and the passage of the Patient Protection and Affordable Care Act, which has made it mandatory for healthcare organizations to implement compliance projects, the research showed that:

  • For an overwhelming majority -- 84% from health insurance plans and 79% from healthcare providers -- demonstrating compliance effectiveness is either their top priority, or one of the top priorities this year.
  • 65% said they are currently using Internal Audit/Assessment Results to demonstrate and measure compliance effectiveness. Other methods included External Audit Results (34%), Ad Hoc or Qualitative Measures (34%) and Manual Scorecards (31%). Only 12% said they were using “Automated Scorecards” (either purchased by a vendor or built internally).
  • Despite ranking it as a top priority, 39% said they were not confident or moderately confident in their ability to demonstrate and measure compliance effectiveness.

The report also noted that more healthcare organizations are now using software applications to measure results and that Compliance 360 expects this trend to continue into the future. If you’re interested in the full report, you can download it here after registration.

Compliance is a General Problem, Too

Other research this week, this time from the non-for-profit ISACA , goes a bit further than the report from Compliance 360 and shows that regulatory compliance in general will be the top business issue affecting enterprise information technology  in the next 12 to 18 months.

The member survey of more than 2,400 IT, security and audit and assurance managers from 126 countries worldwide shows that the increase in regulations, data breaches and new technologies such as cloud computing and the rise of personal technology in the workplace are accelerating complexity and risk.

The key business issues affecting IT, according to Top Business/Technology Issues Survey findings, along with their weighted scores (out of 5) are:

  • Regulatory compliance (Score: 4.6)
  • Enterprise-based IT management and governance (Score: 4.4)
  • Information security management (Score: 4.1)
  • Disaster recovery/business continuity (Score: 3.1)
  • Challenges of managing IT risks (Score: 2.5)
  • Vulnerability management (Score: 2.1)
  • Continuous process improvement and business agility (Score: 2.0)

Survey data reveal four areas that just missed the top seven this year, but are expected to rise in importance in future member surveys: Cloud computing, mobile device management, virtualization and business intelligence. If you want to have a look at the full report, you can get it here.