DRAFT: An Informix Based Solution for Governance, Risk Management and Compliance - Preliminary Discu

Governance, Risk Management and Compliance (GRC) solutions on the Informix database enable safeguarding of sensitive data and provide a common platform for tracking data access for each user and implementing data access controls across the supply chain. GRC solutions function as an adjunct to the production solution and facilitate sharing of sensitive data between customers and suppliers.

Examples of sensitive data include customer-specific PLC data, data relating to customer-supplied tooling, data relating to customer-supplied materials or inventory, recipes, formulae, drawings, dimensions, specifications and quality control data.

Suppliers often know about quality and delivery issues as soon as a particular job hits production. However, without adequate data access controls such as an Informix based GRC solution, it is not possible to share this information with customers, so the customer does not learn of likely delivery issues until much later. In the extreme case, the first the customer learns of quality and delivery issues is when their order doesn't show up and they have to call the supplier to ask why. Informix based GRC solutions facilitate data access controls so customers can potentially know of quality and delivery issues as soon as the supplier does.

Informix based GRC solutions tell you who accessed your data and what modifications they made. In the event of invalid or unauthorized data modification in the production database, you may revert to an earlier version from the GRC database.

Details of which data was read and by whom, and details of specific data modifications, are automatically sent to a GRC database on Informix where data cannot be modified once entered. The Informix GRC database creates records every time a user performs specific actions such as viewing items, editing details or executing a procedure. Records are locked and held for a specified time period in accordance with corporate policies.
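The audit trail and the revert described in the two paragraphs above, sketched as an added example that is not code from the original page or from Informix. SQLite stands in for the Informix GRC database, and the table, trigger and function names, the sample records and the default hold period are all constructed for illustration.

```python
import sqlite3
import time

# Constructed schema; SQLite stands in for the Informix GRC database.
SCHEMA = """
CREATE TABLE grc_audit (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    username   TEXT NOT NULL,
    action     TEXT NOT NULL CHECK (action IN ('VIEW', 'EDIT', 'EXECUTE')),
    item       TEXT NOT NULL,
    old_value  TEXT, new_value TEXT,      -- populated for EDIT records
    logged_at  INTEGER NOT NULL,          -- epoch seconds
    hold_until INTEGER NOT NULL           -- end of the retention hold
);
CREATE TRIGGER grc_no_update BEFORE UPDATE ON grc_audit
BEGIN SELECT RAISE(ABORT, 'audit records are immutable'); END;
CREATE TRIGGER grc_no_early_delete BEFORE DELETE ON grc_audit
WHEN OLD.hold_until > CAST(strftime('%s', 'now') AS INTEGER)
BEGIN SELECT RAISE(ABORT, 'record is under retention hold'); END;
"""

def open_grc():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def record(db, user, action, item, old=None, new=None, now=None, hold_days=2555):
    """Append one audit record; hold_days is an assumed policy value."""
    now = int(time.time()) if now is None else now
    cur = db.execute(
        "INSERT INTO grc_audit (username, action, item, old_value, new_value,"
        " logged_at, hold_until) VALUES (?, ?, ?, ?, ?, ?, ?)",
        (user, action, item, old, new, now, now + hold_days * 86400))
    db.commit()
    return cur.lastrowid

def rejected(db, sql, params=()):
    """True if the GRC database refuses the statement."""
    try:
        db.execute(sql, params)
        db.commit()
        return False
    except sqlite3.DatabaseError:
        db.rollback()
        return True

def value_before(db, audit_id):
    """Value to restore in production when EDIT record audit_id is judged invalid."""
    row = db.execute("SELECT old_value FROM grc_audit WHERE id = ? AND action = 'EDIT'",
                     (audit_id,)).fetchone()
    return row[0] if row else None
```

Triggers only bind accounts that cannot drop them, so the account that writes audit records should hold INSERT privilege on the audit table and nothing more.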

Informix based GRC solutions have two dimensions: plant level and corporate.

At plant level, organizations must comply with those aspects of the Data Protection Act (DPA), the Gramm-Leach-Bliley Act (GLBA), SB 1386 and Sarbanes-Oxley that affect operations at factory level.

Some examples are documentation as work in process moves between work centres within the plant, actions to perform when inventory enters or leaves the plant, and specifying that certain data must always appear on consignment notes or, alternatively, restricting what data may appear on consignment notes.

At corporate level, the aim is to manage data risk, comply with legislation, enforce data access policies as they affect the entire organization and its customers, and maximize auditability of data access controls.

Some examples are ensuring that records can be locked, ensuring data integrity, ensuring auditability of data access controls, ensuring data cannot be modified or deleted once entered, and ensuring that the GRC database itself is adequately versioned and auditable.

Informix enables you to securely store and audit very large volumes of sensitive data and so is the ideal platform for GRC solutions for PLC integration and data sharing on quality and delivery issues. Data sharing on quality and delivery issues potentially means lower levels of inventory and therefore decreased stock holding costs. Data sharing in real time is also the prime example of customer service - the key determinant of increased sales revenue.
