Responding to growing pressure on insurers to comply with federal regulations such as Sarbanes-Oxley, the Gramm-Leach-Bliley Act, the Federal Information Act and HIPAA, ControlPath (Englewood, Colo.) launched ControlPath Compliance Suite 3.0. "Sixty-six percent of insurers are placing a high priority on regulatory compliance," says Jim Hietala, director of product marketing at ControlPath. "We help them manage compliance by automating the workflow and assessing where the carrier is in meeting compliance goals."
The software can be installed on-site by the vendor, or ControlPath can host the solution through a Web interface. The suite consists of five compliance and risk-management modules that make up a real-time compliance dashboard: Risk Management, Impact Management, Vendor Management, Policy Management and a Controls Library. Compliance Suite 3.0 allows insurers to view and document the compliance status of business units, corrective action completion status and controls testing status for auditors, according to Hietala. It provides risk scoring; a mechanism to easily map requirements from multiple compliance regulations to internal security controls; and a central repository to store the critical risk components, including applications, servers, policies, procedures, physical locations and security domains.