Everyone is talking about compliance. If your company is listed in NASDAQ or any other U.S. public stock exchange, it is required to comply with the Sarbanes-Oxley Act of 2002 (SOX). If your company is a medical organization, it needs to comply with HIPAA. There are many laws and regulations that companies need to comply with, depending on the market they work in and the part of the world in which they operate. But, even when not required by regulations to set up specific safeguards, a company should formulate a policy of data access and implement it.

Compliance spending has increased tremendously in the last few years. According to Ziff Davis, the cost of compliance went up from $13 billion in 2002 to more than $25 billion in 2005. This investment is made in both manpower and technology, but technologies such as Bsafe/Enterprise Security software can help save time and money on the painful road to policy compliance. The major emphasis in such regulations is on management responsibility. At the end of the day, regardless of what regulations apply, it is management's responsibility to make sure a policy is being implemented.

Ensure SOX Section 404 Compliance

SOX section 404 emphasizes management's responsibility for establishing and maintaining adequate internal control structure and financial reporting procedures as well as the assessment made by that management. In its new version of Bsafe/Enterprise Security, Version 5.5, Bsafe Information Systems has developed its groundbreaking Policy Compliance Module, through which executives can check whether their policies are being complied with and even implement functions to enforce compliance.

The Bsafe Policy Compliance tool provides another layer to facilitate policy compliance as it lets non-executive personnel track policy compliance without intervention of IT personnel. In addition, Bsafe's Template Management allows companies to capture their policy in templates, and the Bsafe Policy Deviation Report tool automatically shows how the company settings in System i deviate from the company's compliance policy as defined in the templates. These features reduce time and effort invested for a company to comply with SOX and other regulations.

Implement a Circle of Compliance

An additional part of the package to help IT managers and auditors efficiently ensure that their company information systems comply with SOX is Bsafe's set of predefined SOX control log reports and alerts. The SOX reports, for example, are set to help IT managers understand whether a SOX compliance policy has been violated. The SOX alerts are sent to an IT manager or other company managers when there is an attempt to violate a SOX regulation. Bsafe has created a unique solution that will help managers make sure that their company policy is being implemented, regardless of their technical background.

Figure 1: These are the steps for implementing a compliance policy.

The "circle of compliance" diagram in Figure 1 illustrates the major steps for implementing a compliance policy: The first step is to create the policy. The second step is to capture the policy into a policy template. Once policy is implemented, compliance can be checked by comparing the policy template to the actual system and Bsafe configurations with the help of deviation reports to show how the implementation deviates from policy. Finally, those deviations can be fixed semi-automatically in order to achieve complete policy compliance.

Companies that are interested in learning more about the new version of Bsafe/Enterprise Security can contact a representative or apply for a free trial.

About Bsafe Information Systems

Bsafe Information Systems produces network and data security products for IBM system i (AS/400), IBM Series z (mainframe), Windows Servers, and open systems. Bsafe/Enterprise Security for System i is IBM Server Proven. For more than a decade, the company has been providing security solutions to large organizations with high security demands such as banks, insurance companies, and public institutions. Bsafe's experience and ongoing development in security technology enable it to provide comprehensive and state-of-the art solutions for its clients. Bsafe Information Systems includes among its customers Toyota, Volkswagen Financial Services AG, Avon, Bayer, Delhaize Group, SG Bank de Maertelaere, Adecco, Bank Hapoalim, El Al, and others.

Merav Bohr is a Marketing Manager at Bsafe Information Systems a developer of network and data security products for IBM System i (AS/400), IBM System z (mainframe), and open systems. Merav holds a Mathematics B.Sc. from Albright College and a Masters degree in Mathematics Curriculum Development from Haifa University (Suma Cum Laude). The author may be contacted at meravbohr@bsafesolutions.com



Bsafe Information Systems
375 Sylvan Avenue, Suite 30
Englewood Cliffs, NJ 07632-2725
Tel: 201.503.0021
Fax: 775.593.4464
Web: www.bsafesolutions.com
Email: itay@bsafesolutions.com