A Sense of Validation

Rented software can help lighten regulatory burdens.
John Edwards | April 1, 2007

Purveyors of hosted software have long touted the virtues of their distribution model. There are plenty, too. A rented application, delivered direct to desktop via the Internet, reduces the need for IT staff. Monthly subscription fees are relatively cheap — at least when compared with a million-dollar software license and a 20 percent annual maintenance charge. And the rollout time is short, often weeks rather than months. Now, add one more plus: hosted apps can help lighten the regulatory load.

Indeed, users are discovering that hosted applications — also known as software as a service (SaaS) — are uniquely suited for businesses in highly regulated sectors. Why is that? Because many Web-hosted applications and processes have already been vetted by regulators.

That eliminates the need for customers to individually validate systems, as is often the case with onsite technologies. “If it’s a SaaS application, the responsibility to get this software authenticated relies on the vendor,” says John Hagerty, an analyst with AMR Research, a Boston-based technology research firm. “That takes a lot of the hassle off the clients.”

The Flipping Point

Consultants say medical and pharmaceutical operations, in particular, can benefit from SaaS’s pre-approved status. In pharma, for example, a company is required to maintain “validated systems,” meaning the technology has been blessed by regulators and is in compliance with all mandates. “If you’re using a third-party provider,” says Hagerty, “you should be able to inherit its validation.”

That’s how it works for Ventana Medical Systems. A maker of medical-diagnostics equipment, the Tucson-based company must regularly certify its systems with the Food and Drug Administration. “In a regulated industry [like ours], you spend most of your time validating and updating software,” notes Anthony King, vice president and chief information officer at Ventana. “It really doesn’t add value to your business.”

Web-hosted software flips most of that responsibility onto the software provider — in Ventana’s case, “We don’t have to validate the tool, only the way we’re using it,” says King. “That becomes a pretty straightforward validation.” King believes that Web-hosted technology cuts Ventana’s business validation work “from man-years to man-hours.”

Corporate customers say rented applications also help them do a better job of managing crucial regulatory information. This is a bit surprising, given that many managers have steered clear of rented software because of concerns about data security. But in reality, companies that use more-traditional onsite software and data-storage tools often spread key data across multiple systems. “In a regulated industry, if you have data in two places, you can almost guarantee that it’s going to be wrong in one place,” says Jim McGeever, CFO of NetSuite, a SaaS provider.

Southwest Windpower, a maker of turbines, relies on NetSuite and other SaaS technologies to host crucial corporate databases. Southwest uses the data, among other things, to document hazardous materials used in the construction of its windmills. The hosted approach ensures that the information, which is sent to U.S. and European regulators, is kept secure and consistent. It also means Southwest’s employees and business partners can view relevant data from any location. “The information is available 24/7 worldwide,” says Susan Casebeer, Southwest’s CFO. “That’s what I love about SaaS.”

Carbon Copies

This is not to say that hosted programs solve all regulatory problems related to software. Compliance rules and procedures vary widely across sectors — and regulatory bodies. Thus, a potential adopter needs to carefully examine a Web-based application to determine if it applies specifically to the company’s industry. And no matter how secure a hosted piece of software is, regulators will still hold customers accountable for poor recordkeeping or lax internal controls.

Those caveats have not deterred many clients. Users say rented apps help solve a world of compliance problems, including regulatory reporting requirements. Chemical giant DuPont, for instance, uses a SaaS-driven compliance system developed by Enviance to streamline its toxic-waste reporting to the Environmental Protection Agency. (For more on environmental reporting, see “Cleaning Up Carbon.”) The technology collects toxic-release inventory data from 63 U.S. sites and then sends the information to the EPA. Says Aldo Morell, DuPont’s director, safety, health, and environment: “It automatically generates the form that is submitted to the EPA from the site.”

The system has also helped DuPont slash the time it takes to enter and process data into the reports. Equally valuable: Enviance monitors EPA regulatory changes and modifies the reporting software accordingly. That frees DuPont from having to alter the application. Says Morell, “That saves us money.”

John Edwards, a frequent contributor to CFO, is author of The Geeks of War.


A hosted application helps one insurer keep up with a welter of state regulations.

Making sure employees are legally qualified to perform their tasks can be a huge headache in highly regulated industries. It’s a particularly vexing problem in the insurance business, where sales representatives must be certified in each state in which they work. “States have differing rules and regulations,” explains Dan Simpson, chief information officer at Physicians Mutual Insurance. “We don’t want to appoint someone and have them sell insurance in a state that they’re not licensed in. That would cause regulatory issues for us.”

Eager to ease the compliance burden, the Omaha-based carrier turned to Compliance Express, a hosted application from Sircon Corp. The product, a browser-based program that requires no upfront investment in software, allows users to electronically submit appointments and terminations to state insurance departments. The approach provides fast — usually immediate — electronic-transaction confirmation. The software also tracks license renewals.

The hosted program means Physicians Mutual no longer has to physically track rule changes in individual states. The application also keeps the company current with appointment and termination filing procedures and fee schedules. “We were contacting the same information sources as the Sircon database, but we were doing so in an inefficient way,” says Simpson. “We had a number of people executing manual processes to keep track of everything.” And unlike printed directories or onsite software, Compliance Express is continuously and invisibly updated.

So far, management at Physicians Mutual has no complaints about the software. In fact, a cost-benefit analysis found that the SaaS technology generated a 24 percent rate of return, with payback in just over a year. Says Simpson: “It saves us a lot of time and money just by reducing the manpower necessary to keep all of that information up to date.” — J.E.

SaaS for Regs: The Good & the Bad

The Good

  • Software validation can be shifted from customer to vendor.
  • Regulatory information is kept in a consistent form at a central location.
  • Streamlined and automated report filing.

The Bad

  • Compliance rules and procedures vary widely across different industries and regulatory bodies, making it a challenge to find a suitable SaaS application.
  • Technology does not get companies off the hook for poor internal controls.