US Airways flight 1549 teaches us that improbable events actually do occur sometimes. When the NTSB goes to investigate, the airplane’s black boxes will prove vital in the determination of cause. We can leverage this concept to fortify our chances of surviving a serious investigation. In this article I introduce design considerations for what I call the Black Box Data Store, the important data you need to prove your innocence in an investigation.

Coming off of a break myself, it seems appropriate to discuss the architectures what support continuity, when your company takes a break from following compliance policy. In this article, we discuss why this might happen, and what you can do to minimize the disruption this type of break can cause.

Control convergence – the effort of staying in compliance while reducing the number of controls – is a big trend in the industry today. In this article, we demonstrate how the data professional can support a control convergence effort, by way of fictitious case study.

In this article, we talk about policies – an important area of your companies governance, risk, and compliance program. We discuss what a good policy looks like, and how you can evolve a policy data management system in 3 stages.

Human beings, by their very nature, make mistakes. Even seasoned professionals make simple errors on occasion. In this article we explore the “mistake database”, an architecture to help your company minimize errors.

On this 7th anniversary of the September 11th catastrophe, we’ll take a close look at how to characterize disaster, and more importantly how to learn and move on.

Inaccurate risk probabilities can wreak havoc on the applicability of your risk database. Why go through the trouble of setting it up, if bad probability entries render your database unusable? In this article, we explore the importance of getting the risk probability correct, and ways to improve your accuracy.

Compliance usually starts with a fire drill, however intelligent companies take the time to step back and put their compliance into perspective. Risk is the key to understanding and optimizing your compliance program. In this article, we discuss risk as an evolution from compliance, and look at some ways to model it in the enterprise.

A consistent pattern that emerges in compliance best practices, is the notion of accountability. Demonstrating accountability is a key component of building a solid compliance program. In this article, we explore the motivation, requirement, model, and architecture to make accountability a reality in your company.

A death march is a project that is doomed to fail. If you are in IT, and you are dragged onto a compliance project, chances are you will find yourself stuck here. In this article, I'll give you my tips for identifying a death march, and more importantly surviving one.

The new SEC standards for SOX compliance have made it clear that your company should spend more time focused on financial risk. In this article, we’ll explore what’s driving this, how you as a database professional can help out, and some design considerations for a Financial Risk Compliance Data Mart.

This article wraps up the series on the types of controls and our discussion of architectures, by taking a look at the adaptive control. We’ll explore how you can support your business deal with the impact of risks, when there is no contingency plan.

Nobody likes a firefighting effort, but unfortunately it’s a fact of life that we need to deal with as database professionals. In this article I share my 3 favorite tips for getting through without getting burned.

This is a continuation of a skip series that I’m doing on the architecture of different control types. In this article, we discuss Corrective Controls; why we need them, and how to design for them.

Is IT centralization a good thing for your company, or is decentralization the answer? In this article we look at the advantages and disadvantages from a compliance point of view, and my conclusion to this age-old debate.

Okay, we’ve already learned the prevention is the best medicine. But what do we do when we cannot put preventive controls in place? This article answers that question and more, with more examples and data architecture considerations.

In this article, we discuss the importance of understanding your “Really As-Is” process, and the big mistake companies make when building process documents. Then, we explore a data architecture for continuously auditing your process in an automated fashion.

In today’s article, we discuss the different types of controls, the best type of control, and considerations for how these controls can be worked into the data architecture of your company.

In this article, I scratch the surface on the growing concern of data privacy. We’ll discuss how the industry has reacted to the concern, and how you might start to solution for it.

What do you do when your company consistently has compliance weak points that don’t seem to go away? This article explores this condition, and provides the steps that your company will need to go through – and how you will support it.

For years now, agile development has been an extremely efficient way to get results while keeping the customer happy. However there are perils, especially for the database people. This article gives you a primer for what to expect, and how to succeed.

If dead people are accessing your database, data breach is right around the corner. In this week’s blog, we discuss database access management concerns, and how to architect a compliance system to handle them.

Here we take a look at end users sending data back to the database. Is it a good idea? What are some of the reasons why your end users would want to do this? And, four key tips to consider when designing in this functionality.

For the last couple of weeks we’ve been talking about controls. Here we round out our series by talking about Segregation of Duties ( SOD ) as a way to keep things in control. Here are some key tips for designing systems that demonstrate control with SOD.

As a follow on to last week’s blog about controlling with reconciliation, in this blog we look at another common control – approvals. Here are some key tips for designing systems that demonstrate control with approvals.

In the compliance world, reconciliation is more than just making sure your data loaded properly. Here are some key tips to using reconciliation as a control in your compliance data system.

When audits are involved, you are guilty until proven innocent. Here are 4 key strategies to employ in the design of your compliance data system, that will prove your company’s innocence.

An introduction to Compliance Data Systems – a data system for the auditors. Here we explore the need, and see where it fits into the technical architecture.

Inaugural entry for John Weathington’s Quest for Compliance. Here we get introduced to John, get clear on some compliance related definitions, and get acquainted with the impact compliance has on DBAs, database developers, and IT managers.