© 2005 Princeton Softech, Inc. Managing Oracle Data to Support Compliance Initiatives Alan Schneider GCOUG January 18, 2006 Overview of Best Practices and Best-in-Class Solutions

© 2005 Princeton Softech, Inc. 2 Today’s Discussion  Princeton Softech and Oracle  Challenges of Data Growth and Retention Compliance  Best Practices in Managing Oracle Data -Establishing Functional Policies and Service Levels -Managing archive and retention processes  About Princeton Softech -Optim™ Solution Capabilities

© 2005 Princeton Softech, Inc. 3 Challenge: Database Growth

© 2005 Princeton Softech, Inc. 4 What’s Driving Data Growth?  High-volume online transaction processing: -Customer facing eCommerce applications -ERP/CRM -Supply chain applications  Record retention requirements: -Financial Services – Sarbanes-Oxley -Healthcare – HIPAA -Pharmaceutical – 21 CFR 11 -Financial – IRS and SEC Rule 17a-4  Multiplicity of data: -Multiple operational, development and testing environments -Disaster recovery and business continuity -Routine backup and recovery

© 2005 Princeton Softech, Inc. 5 Data Retention Example  SEC Rule 17a-4 -Retain records for six years from close of account or termination of associated employees -Keep records in an "easily accessible place" -Produce records immediately if the records are located in the office where the request is made -Produce records within three business days if the requested records are located off-site -Display requested records electronically in a local office and immediately produce printed copies to satisfy Rule requirements

© 2005 Princeton Softech, Inc. 6 1.Identify the business parameters that will drive an archive 2.Establish service levels for archive access by functional users 3.Place archived data in the storage appropriate medium 4.Provide the appropriate archive access interface 5.Select from multiple tool options available 6.Document improvements Archiving E-Business Suite Transactions

© 2005 Princeton Softech, Inc. 7 Establishing Functional Business Policies  Develop a channel of internal communications on functional retention policies -Ensure functional business users understand the needs and costs of long-term, compliance-driven retention -Conduct annual training on retention policies and procedures  Ensure that the technical teams preserve the functional requirements in their archive implementation  Ensure that your technical staff is comfortable with archive retention mechanisms

© 2005 Princeton Softech, Inc. 8 Driving Retention Aspects of Compliance  Internal controls and best practices  Business unit accountability  Real-time monitoring and disclosure  Consistent and sustained access to historical transactions

© 2005 Princeton Softech, Inc. 9 Preparing for Retention Oriented Compliance  Step 1: Develop functional archive policies  Step 2: Define those policies to an archive product and storage architecture  Step 3: Don’t forget about process

© 2005 Princeton Softech, Inc. 10 Step 1: Business Policies Drive Archiving  Identify applications that manage regulated data  Build consensus among stakeholders on retention and retrieval: -Business owners, application developers, storage -Include CFO, legal, compliance, security  Document your business policies: -Types of data (Active, Inactive/Historical, Reference) -Processes for Archiving, Viewing, Retrieving Objects -Processes for Compliance and Disposal

© 2005 Princeton Softech, Inc. 11 Functional Requirements for Archive ApplicationRetention (Years) ArchivingRecovery / Access Requirements Lead Time Type of Data to Archive GL3YearlyAudit; Trend analysisYLedgers, Journals, fully posted AP3YearlyAudit; Trend analysisYVouchers, Payments, fully paid and posted AR3YearlyAudit; Trend analysisYInvoices, items Billing3YearlyAudit; Trend analysisYInvoices Billing Interface 1QuarterlyTroubleshootingYBilling input AM3YearlyAudit; Trend analysisYRetired assets AM Interface1QuarterlyTroubleshootingYAsset input, GL interface Payroll2YearlyAuditYPaycheck processing data and balances

© 2005 Princeton Softech, Inc. 12 Define Retention Policies at Business Layer Order Management Archive Orders for any Order Type, Order Category, Customer, Order Numbers, Order Dates, Creation Date values Purchase Order Archive Blanket Agreements and Purchase Orders by a specified Last Activity Date Work in Process Archive Discrete Jobs and Repetitive Schedules for any Accounting Period Accounts Receivable Archive Transactions (other than transactions applied to commitments) posted to General Ledger or prior to a Cut Off Date value

© 2005 Princeton Softech, Inc. 13 Archive Templates Know E-Biz Data Model

© 2005 Princeton Softech, Inc. 14 Align Service Levels with Business Use Functional Usage / Access Requirements Over Time Functional DataFrequent and Intuitive Access (Self-Help) Infrequent Ad-Hoc, Query-based Access (via Query) Exception-based Reference/Spreadsheets (24-hour IT response) Complete Deletion (Dictates storage planning) Ledgers (GL)Current – 2YYears 3 - 5Years Year 11 Journals (GL)Current – 2YYears 3 – 5Years Year 11 Vouchers (AP)Current – 2YYears 3 – 5Years Year 11 Payments (AP)Current – 2YYears 3 – 5Years Year 11 Invoices (AR)Current – 2YYears 3 – 5Years Year 11 Items (AR)Current – 2YYears 3 – 5Years Year 11 Invoices (BI)Current – 2YYears 3 – 5Years Year 11 Billing Input (BI)Current YearYear 2Years Year 11 Retired Assets (AM) Current – 2YYears 3 – 5Years Year 11 Asset Input (AM)Current YearYear 2Years Year 11

© 2005 Princeton Softech, Inc Archive Transactions together with related adjustments, credits, reversals, calls, sales credits, and receipts 2.Closed transactions include zero-balance invoices, zero- balance debit memos, fully applied credit memos, charge- backs, cash receipts, as well as approved and applied adjustments 3.Receipts must be fully applied and related only to the transactions eligible for purge: -Status of AR_CASH_RECEIPT_HISTORY must be ‘Cleared’, ‘Risk_Eliminated’, or ‘Reversed’ -Debit memo reversals, require a reversal date Predefined Business Integrity Checks

© 2005 Princeton Softech, Inc. 16 Step 2: Define the Storage Architecture  Technical Safeguards (Security)  Data integrity safeguards -Access controls – authentication, authorization -Recording media (WORM media or subsystems) -Secure audit trails, duplicate copies, etc.  Data privacy safeguards -Access controls – authentication, authorization -Data encryption -Access logs, audits and reports *Exact requirements depend on regulatory environment

© 2005 Princeton Softech, Inc. 17 Storage Goals and Criteria Goals:  Cost effective  Easy to manage and scale  Ensure accessibility for many years Selection Criteria:  Storage capacity  Availability  Manageability  Performance  Cost Existing storage technology to be combined with new storage technology (e.g. ATA disk storage) to help reduce cost.

© 2005 Princeton Softech, Inc. 18 Step 3: Don’t Forget About Process  Important regulatory requirements specify that the data must remain unaltered and accessed only by the proper individuals.  Accessibility, storage and audit policies each result in a specific set of processes that govern their maintenance and education.  Consistent, repeatable, controlled, documented archive and access methods and tools

© 2005 Princeton Softech, Inc. 19 Summary of Advice  Recognize that IT owns Infrastructure, but the Business owns the data  Improve functional processes by tiering services by functional need -Higher service levels on current transactions -Lower-cost, lower service levels on historical transactions  Limit liability by ensuring real-time compliance controls are sustained and documented in your historical retention processes and tools -Respond quickly and accurately to audit requests -Reduce costs of discovery

© 2005 Princeton Softech, Inc. 20 About Princeton Softech  Proven leader in Enterprise Data Management -Solving complex data management issues since In-depth functional knowledge of mission-critical applications and the business rules that govern them -Over 2,200 customers worldwide  Including nearly half of the Fortune 500 -Only true enterprise solution: across applications, databases, hardware platforms and operating systems

© 2005 Princeton Softech, Inc. 21 Princeton Softech and Oracle  Only Oracle partner offering a single, consistent archive solution across entire Oracle stack -E-Business Suite, PeopleSoft Enterprise, JD Edwards EnterpriseOne, Retek, Siebel -All custom and packaged applications running on Oracle databases  Provides a safe, secure path to Project Fusion  Accelerated deployment of integrated Oracle partner solutions  Repeatable experiences through pre-defined and fixed-scope services  Highest quality skill sets and bench strength to augment your project teams, if desired  RESULT: no shelf-ware, no surprises!

© 2005 Princeton Softech, Inc. 22 Princeton Softech Optim ™  Provides a single solution for managing enterprise application data throughout every stage of the information lifecycle  Applies business rules and automates processes that govern how to assess, classify, archive, subset, access, store and protect enterprise application data  Supports and scales across applications, databases, operating systems and hardware platforms  Optimizes the business value of your IT infrastructure

© 2005 Princeton Softech, Inc. 23 Princeton Softech Optim ™

© 2005 Princeton Softech, Inc. 24 Support for Oracle Applications versions 11.0 & 11i Financials Manufacturing Supply Chain Human Resources Projects Transparent access to data via standard Oracle Applications forms and reports Pluggable archiving framework designed to support predefined archive templates and local customizations Support for E-Business Suite Transaction Processing Reporting Audit Archive Retrieve

© 2005 Princeton Softech, Inc. 25 Self-help Access to Archived Data Seamless access to BOTH archived and production data via Oracle Applications Leverages “Responsibility” to access data, using standard Oracle forms and reports Steps to view archived data:  Login  Select Responsibility  Access archived data, production data or BOTH Production Data Archived Data

© 2005 Princeton Softech, Inc. 26 Audit-Ready Snap-Shot  Preserves transactions’ business integrity without variance -Metadata preserved with archive  Complete business object archiving -Business reference data contained with purged data  Future-proofing through consistent and agnostic deployment -Across application vendors -Across application versions -Across database vendors -Access archives independently from native application  Enables decommissioning and migrations -Single Archive process for both self-help (transparent) and snap-shot query (audit) access

© 2005 Princeton Softech, Inc. 27 Access Archive Snap-shots for Audit  Only Princeton Softech has complete business objects archived for reporting based access stand-alone from any application version or front-end  Choice of: -Discoverer -SQL -Reports -Database reporting tools Product enables each access method, without reconfiguring the archive product.  Most customers tier access to archives based on age and status of business transactions, and will eventually seek to replace transparent access with report based access to older archives -Plan on eventually archiving the archive – re-use!

© 2005 Princeton Softech, Inc. 28 Results from Oracle Sites VOLT Information Sciences  Segregated 250 GB of a 500 GB database by age and status  Key functional processes now running 25% to 300% faster  Upgrade run-time reduced from 140 to 50 hours Bausch and Lomb Financial reporting 50% faster AIMCO Implemented and in production in 2 months – by one staffer, part-time project Giant Eagle Archiving generated a first-year ROI that exceeded their investment in archive software and labor Other Customers ADVO, AVX, Boeing, State of Georgia

© 2005 Princeton Softech, Inc. 29 Princeton Softech: Customers

© 2005 Princeton Softech, Inc.