Skip to main content
Hitachi Open Middleware that Supports Internal Control
As the new Company Law and Japanese SOX Act* take effect, many companies have been implementing activities to improve internal control. IT systems play an important role in many aspects of these activities, including documentation, application management, and record management, so internal control is a theme that cannot be discussed without including IT.
Based on the results of its response to the U.S. SOX Act, Hitachi has defined a framework for using IT for internal control, and offers the framework as the Internal Control Reconstruction Solution. The solution's service system, which covers all operations from upstream consulting to the support after system construction, provides comprehensive support to customers who desire to implement internal control both as a way to implement a response to regulations and as a way to increase corporate value.
The Internal Control Reconstruction Solution provides a framework of the IT support necessary for improving internal control. The framework is grounded in two concepts: control by IT and control of IT. Control by IT refers to the use of IT to implement robust business process control free from errors and improper processing. Control of IT refers to the control of IT with regard to security and operations to ensure that the IT is reliable.
Furthermore, Hitachi handles actions that respond to regulations as defensive IT and actions that increase corporate value as aggressive IT to create and promote appropriate IT system solutions that improve internal control from the perspective of both offense and defense.
Hitachi Open Middleware provides software products that support these solutions. Described below are the main Hitachi products that support internal control.
Implementation of internal control is impossible without client environment control. Job Management Partner 1 (JP1) is an integrated systems management product that provides the required control of client environments.
For example, you can use JP1 to monitor all clients connected to a network. If a PC not permitted to connect attempts to access the network, or if unauthorized software is installed, or if required security patches have not been applied, JP1 immediately isolates the problem clients or apply the patches to ensure that policies are being carried out.
WORM is an acronym for Write Once Read Many, which means that data that has already been recorded can be viewed but cannot be changed or deleted. The concept is similar to CD-R. In most databases, setting user permissions prevents recorded data from being changed or deleted. However, database administrators and other privileged users can change user permissions to allow them to update data. To eliminate such security holes, HiRDB WORM functionality prevents all users, including the database administrator and all applications that access the database, from updating or deleting data that has already been recorded.
uCosminexus DocumentBroker is a document management platform product that provides company-wide integrated management of documents created on-site during business hours by handling them as business activity records. uCosminexus DocumentBroker manages electronic documents appropriately according to their designed purpose, and provides security functions such as access control by LDAP authentication, exclusive-use control, history control, and assignment of electronic signatures and timestamps. These security functions ensure the authenticity of documents, implement superior management capabilities for the long-term storage of documents, and make possible the maintenance of ever increasing document loads. In addition, combined with Cosminexus Electronic Form Workflow, uCosminexus DocumentBroker both provides excellent control and improves operational efficiency by converting a business process into a workflow. uCosminexus DocumentBroker can also store digitally certified documents and work logs to provide an audit trail validating operations. Furthermore, the document search function accurately and quickly retrieves information that is required during an audit.
A collaboration tool is an effective means of ensuring adherence to internal control rules.
Groupmax Collaboration, which uses a group called a community as its unit of security, facilitates the sharing of information within a group while at the same time preventing access from the outside. With Groupmax Collaboration, you can encourage the sharing of information while ensuring that internal control rules are followed. For example, you can have a discussion in an electronic conference room while preserving a record of the discussion, or you can distribute the URL of an access-controlled shared file instead of attaching the file to an email message.