The rapid enactment of the recent sweeping laws regarding electronic data and recordkeeping have been lauded by some and decried by others as ôoverkill.ö This paradox is largely due to the disparity of benefits of the laws to each specific arena where they have an impact. Compliance Week and Raisch Financial Information have teamed up to develop a Sarbanes-Oxley (SOX) scorecard for tracking SOX performance across the Russell 3000 public companies; they found that 1 in 13 public companies has financial controls that its auditor finds shaky,ö and that the top offenders are computer hardware and software, metals and mining, and consumer services (Shread, 2005). The pharmaceutical industry, for example, actually requdsted the laws tn promote security and assist with their need for guidelines in migrating to a paperless environment. The technology industry, however, is overwhelmed with the demands of the new legislation. The 21 CFR Part 11 regulation is a force to be reckoned with, because in order to comply with it, many companies will be forced to make major, expensive changes, such as acquiring new hardware or software systems, making wholesale changes to existing policies and procedures, retraining employees, and ferreting out undocumented procedures so that they can be documented. Companies of all types need to be ready to perform a Part 11 gap assessment on all of their systems that are subject to electronic data requirements and make whatever changes are necessary to bridge the gap (Fitch & Spector, 2003).
Although opinion on the regulations varies, I believe that the rapid enactment was necessary. For one thing, the changes that need to be made will take a long time, so the sooner companies begin complying, the better. Also, since the primary purpose of the regulations is to achieve security, the regulations are to our advantage. Although convenience and profit are naturally of great importance, they must both take ...