How Great Western Railway is getting its compliance on the right track
Great Western Railway (GWR) has enlisted the help of CoreStream to provide a new system for its compliance and regulations.
Like many organisations, ensuring compliance is vital – but for GWR it may count more than others. The railway operator is governed by a franchise agreement which includes more than a thousand obligations – and failing to comply with them can result not only in fines, but also disqualification from future franchise bids.
As a result, the company needed to overhaul its current infrastructure, which relied on a single Excel spreadsheet and, more often than not, information off the top of employees’ heads. Hence the arrival of CoreStream in August last year, going live just a month later, which offers as part of its portfolio Rail Franchise Manager; naturally specific to the rail industry, but can also be tweaked further for each operator.
“The solution becomes a train operating company’s system for managing their compliance with franchise obligations,” says Richard Eddolls, head of platforms at CoreStream. “Being able to record obligations – in excess of one thousand items – and being automatically prompted when action is required helps to solve a major data problem that previously required a great deal of manual effort.”
The Rail Franchise Manager covers risk, workflow and regulation management while the firm’s other bespoke product, the Digital Governance Portal, covers policy, controls, risk and workflow. Eddolls explains the importance of this: “The ability to not only extend to other modules, such as audit action tracking, risk and policy management, but also to integrate them into the franchise content is key. Readily available views of the policies that help govern elements of franchise compliance, and any risks or issues associated with it is the vision.”
Closer to home, the recent General Data Protection Regulation (GDPR) ruling affects many firms in terms of compliance. If companies don’t get up to speed within two years, they could face a fine of up to 4% of worldwide annual turnover.
Eddolls argues the proposals are much needed, adding that further down the line he expects CoreStream’s information asset management (IAM) technologies to gain greater traction because of it.
“I think it is time organisations took their responsibility to keep the data [and] information they hold seriously and legislation that enforces this can only be a good thing,” he says. “I personally believe the GDPR provides much needed, updated, and relevant data protection and regulation laws. You only have to look at the number of high profile data breaches over the last couple of years to realise that a lot of [breaches] could have been prevented if organisations and businesses took the appropriate steps to secure and manage data correctly.”
For now however, CoreStream’s vision is to continue to bring its platform to market in this way, offering guidance on best practice but with the flexibility to accommodate change, as well as to become the ‘go to provider’ for consolidating line of business applications into its platform. “The path we are on is to meet and satisfy the most complex of business requirements without needing to write a single line of code,” says Eddolls.
- » Continuous compliance, continuous iteration: How to get through IT audits successfully
- » HPE aims to deliver on hybrid cloud consultancy prowess with Right Mix Advisor launch
- » Why we should take the brakes off digital transformation with cloud-based connectivity
- » Monitoring cloud app activity for better data security: Five key tips
- » Practical cloud considerations: Security and the decryption conundrum