Interview: Rick Heroux, SEC's systems doctor
EDGAR face-lift will ease filing strains
Rick Heroux is spearheading the modernization of the Securities and Exchange Commission's Electronic Data Gathering, Analysis and Retrieval system.
The commission is up-dating EDGAR, which it brought online in 1992 after congressional authorization, to improve the presentation quality and structure of SEC filings, and to reduce the cost and effort of preparing and submitting required finan-cial filings.
Heroux joined SEC in 1997. At first he was the EDGAR program manager and Web team rolled into one.
His staff now has three other employees, and the modernization is continuing full speed ahead.
He brought to SEC more than 15 years of experience in developing LAN operating systems, optical disk storage systems and artificial intelligence tools for the IRS. He also worked as chief of technology, helping with systems engineering for the IRS modernization effort.
Heroux has a bachelor's degree in computer science from the University of South Carolina and a master's degree in information systems from Strayer University.
Heroux talked with GCN staff writer Shruti Dat' about planning and implementing the EDGAR modernization.GCN:'What initial planning did you do for the Electronic Data Gathering, Analysis and Retrieval system modernization?HEROUX:
The modernization began three years ago. All of our divisions were involved in the planning'our Division of Corporation Finance, Division of Investment Management, Office of Filings and Information Services, and the Office of Information Technology.
We scripted the modernization completely and planned a three-year modernization. We scripted the goals and put the request for proposals on the street knowing exactly what we wanted. We wanted to make sure we modernized the EDGAR hardware and software.
We were using 14.4-Kbps modems and an MS-DOS platform. We also wanted to modernize the data because everything was in ASCII. We wanted more Internet technology in our data and applications. We wanted to use a browser application as opposed to an operating system application to give us a more open approach. We wanted to make it easier for filers to submit documents, reducing filer burden.
We also wanted to move from custom-built code to more commercial, off-the-shelf products. That movement would significantly reduce the cost of operating and maintaining the system. We have already realized $150,000 a month in savings on the operation and maintenance side of EDGAR with this modernization.
Moving to COTS products brings us closer to a more open environment. GCN:'How does the EDGAR modernization support the Securities and Exchange Commission's mission?HEROUX:
EDGAR itself supports SEC's mission to regulate the securities industry and to provide timely information to investors. The primary way we do that is through the documents that pass through the EDGAR system. EDGAR gathers all of the documents for our examiners so they can make sure the industry is being honest in its disclosure to the public.
Modernization has already decreased the cost of a Level 1 subscription, which is a live feed of the data. So we've already allowed more players to get into the market as Level 1 subscribers of our data.
We've increased the amount of data that's being propagated across the country through this modernization.GCN:'How does mod- ernization affect the Office of Information Technology?HEROUX:
No. 1, it saves money. Our budget for EDGAR is no longer as large as it used to be.
We are integrating other systems within EDGAR so it will help us in the management arena. We'll no longer have to manage two disparate systems, one of which manages the funding and the other of which manages the EDGAR documents.
The Entities, Filings and Fees System (EFFS) will be integrated into EDGAR. That system tracks workload for our examiners, paper filings and money, as some of our filings have fees associated with them.
Merging those two systems helps the Office of Information Technology, which will no longer need two camps to manage these systems.GCN:'What work will SEC do during the second phase?HEROUX:
It will be mostly Internet technologies. It includes moving toward Hypertext Markup Language and Adobe Portable Document Format, and increasing the 14.4-Kbps modems to the 56 Kbps we use now.
We are going to be using Sun Microsystems Inc. boxes, boxes running Microsoft Windows NT and Web servers. Right now we are using servers from Stratus Computer Inc. of Marlborough, Mass. Those boxes are pretty expensive, but they are big, high-powered machines. We have a centralized environment for some of our functions but we are moving to a more distributed environment using the NT and Sun boxes. For the Web, we are using systems from EMC Corp. of Hopkinton, Mass. to handle the data and are replicating the data instantly at our two sites.GCN:'What will the third phase entail?HEROUX:
This is where we will be able to do business, where filers can submit information through the Internet.
In the first phase we brought the data, which was out in Ohio, in-house, and we populated those EMC boxes with that data. We produced a text management system, which was full-text retrieval for all users. The second phase is the introduction of 56-Kbps modems, and HTML and PDF documents in the submission stream. The third phase is Internet filing.
The total modernization cost is $22.5 million, which includes buying the hardware and software and building some custom code to glue it all together. TRW Inc. does the development, operations and maintenance. We have a three-year modernization contract and a three-year operations and maintenance contract.GCN:'What roles do SEC officials play in the implementation of the EDGAR modernization?HEROUX:
We scripted the modernization from the start. At each phase of the procurement there was an opportunity for us to take a look around and correct the system to reflect changes in our business needs. We had the opportunity to add new functionality.
Most of the changes entailed new form types, new examination techniques and new reports. We could not anticipate changes, but we had to be flexible enough to add new requirements quickly. Our role now, since we signed the contract with TRW in July 1998, has been technical oversight, including functions such as making sure the contractor is doing what it signed on to do, making sure our requirements are met and helping the contractor gather requirements.GCN:'How will Internet technology change SEC?HEROUX:
Internet technology gets us away from technologies, like operating systems, that tie our hands. When you move to a browser environment, people can use any operating system.
- Age: 35
- Leisure activities: Playing football, hockey and basketball, and watching other sports
- Pets: Alex, a golden retriever whom Heroux enjoys taking to the park to play with a tennis ball or Frisbee
- Other activities: Adjunct professor at Strayer University for operating systems theory, networking, programming, methodology, analysis and design
We are moving toward a more open systems technology by using the Internet. Our customers use the Internet and create HTML and PDF documents, so it became a natural marriage that they would want to submit their documents in that format.GCN:
'What role does computer security play in the modernization?HEROUX:
It plays a major role. We're using a shared transport mechanism, which means you have to provide a much higher level of security than an internal system. You need to make sure you encrypt the data so you don't compromise the data en route.
Also, there is an authentication problem. We need to make sure that it is really the filer that is sending us the information. They need to ensure that it is really us at the receiving end.
We are using public-key infrastructure technology when we accept filings across the Internet.
We are using a secure shell between SEC and the filers to ensure that the document comes in clean. We are also using digital signatures so we can be sure the document is not tampered with. It's not public knowledge yet who the security contractor will be.GCN:
'What lessons have you learned through the modernization?HEROUX:
I was involved in another modernization project and did my master's thesis on federal modernizations. I did not want to make the same mistakes made elsewhere. I wanted to make sure that we had user input and that we had the business side of the house walking arm-in-arm throughout the process to meet their needs. I wanted to make sure that the EDGAR system was built on budget and on schedule. The planning process was very important.