Software To The Rescue For SOX And HIPAA
Pressure to get in line with government regulations is fueling a slew of new and enhanced compliance offerings from tech companies.
IPLocks this month released Database Security and Compliance Solution v6.0, an upgrade that includes templates for compliance reports for Sarbanes-Oxley and other regulations. Version 6 also includes features for documenting database system transactions, which are often requested during compliance audits.
 |
IT Pays Back |
|
Companies with the fewest number of regulatory infractions: |
|
>>
Spend at least 10% of their IT budget on security
|
|
>>
Use IT to continuously monitor and analyze systems
|
|
>>
Frequently conduct internal audits, monitor security
|
|
Data: IT Policy Compliance Group |
Thornberry Ltd., meanwhile, says it will build Passfaces' user authentication technology into its NDoc information management system, used in the health care industry, to better protect patient data accessed by desktop and laptop users, in compliance with the Health Insurance Portability and Accountability Act.
A survey of more than 1,000 businesses conducted earlier this year by the IT Policy Compliance Group, formed by the Computer Security Institute, the Institute of Internal Auditors, and Symantec, shows that investments in IT security and monitoring help organizations avoid regulatory infractions (see box). Still, tech tools are no substitute for understanding the regulations that govern IT environments, says John Kirkwood, global information security officer for supermarket operator Royal Ahold. "A fool with a tool is still a fool," he says, adding that "regulators aren't buying the complexity argument." If there are issues concerning cost, operation, or implementation of a compliance strategy, Kirkwood says, "you're not doing it right."
Tweet This