Premise and Conclusion

'Rules of Record'
Why 'System of Record' Isn't Enough

by Ronald G. Ross

Business computing today is characterized by a tangled web of interfaces and data movement from system to system, and from source to sink (e.g., data warehouse).  Knowing the official 'systems of record' is basic for resolving discrepancies and demonstrating compliance.  But that's merely a start.  What your business really needs today is to know the rules of record.  A focus on business rules, rule management, and enterprise decision management (EDM) makes that possible.  This column explains.

First a little background.  If every piece of data in the organization had a single, clear home, identifying official versions would be easy.  But in today's world, operational data is extracted, merged, massaged, re-platformed, and reported many times over, often obscuring original sources.  Identifying a 'system of record' establishes which source is official for each element (or chunk) of data.  In other words, it gives you physical traceability back to source.^[1]  That's a first and very basic step for compliance.

What physical traceability doesn't do is explain why that source may have a different value from the copy of the data you're actually seeing.  You might call that difference semantic drift (although that term probably dignifies what often is just plain sloppiness about the meaning and use of data).  Since you can't be sure what rules were applied to create the official version, you can't easily do a delta on what you're actually seeing.  In other words, you have no semantic traceability back to source.

From a compliance point of view, knowing the rules for source data is paramount.  Of course, if those rules never changed, you might be able to reconstruct them at an acceptable price when and as needed for compliance.  But today, change — at an ever faster pace — is the name of the game.  Add massive personalization and customization to the mix and you quickly reach an impossible threshold of complexity and expense.

The solution is simply never putting yourself in a position of having to reconstruct rules.  Rather, you want to manage rules in such way to keep them 'on the record' — i.e., to maintain rules of record for each operational business decision your company makes.

References

[1]  For additional background on 'system of record' see:

http://en.wikipedia.org/wiki/System_of_record

http://www.yourwindow.to/information-security/gl_systemofrecord.htm

[2]  For example, Raden and Taylor write, "Logging rules as they execute to create a record of how a decision was made is a common requirement of decision services.  They can be managed like a typical logging requirement, except that using business rules makes it easier.  Using business rules also makes it possible to use the logged information in both customer-facing and regulatory conversations, because the rules are more user-friendly." James Taylor and Neil Raden, Smart (Enough) Systems:  How to Deliver Competitive Advantage by Automating Hidden Decisions, Prentice-Hall (June 2007), ISBN: 0132347962, p. 358.