Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:30 AM
Connect Directly

Software To The Rescue For SOX And HIPAA

Still, technology is no substitute for knowledge when it comes to keeping in compliance with government regulations.

Pressure to get in line with government regulations is fueling a slew of new and enhanced compliance offerings from tech companies.

IPLocks this month released Database Security and Compliance Solution v6.0, an upgrade that includes templates for compliance reports for Sarbanes-Oxley and other regulations. Version 6 also includes features for documenting database system transactions, which are often requested during compliance audits.

IT Pays Back
Companies with the fewest number of regulatory infractions:
>> Spend at least 10% of their IT budget on security
>> Use IT to continuously monitor and analyze systems
>> Frequently conduct internal audits, monitor security
Data: IT Policy Compliance Group
Another vendor, Bioscrypt, last week said it will use fingerprint sensors from Upek for its biometric readers, designed to comply with a federal standard for ID verification. That standard also is the backbone of a regulation requiring agencies to issue all workers an electronic identity card for building access by Oct. 27.

Thornberry Ltd., meanwhile, says it will build Passfaces' user authentication technology into its NDoc information management system, used in the health care industry, to better protect patient data accessed by desktop and laptop users, in compliance with the Health Insurance Portability and Accountability Act.

A survey of more than 1,000 businesses conducted earlier this year by the IT Policy Compliance Group, formed by the Computer Security Institute, the Institute of Internal Auditors, and Symantec, shows that investments in IT security and monitoring help organizations avoid regulatory infractions (see box). Still, tech tools are no substitute for understanding the regulations that govern IT environments, says John Kirkwood, global information security officer for supermarket operator Royal Ahold. "A fool with a tool is still a fool," he says, adding that "regulators aren't buying the complexity argument." If there are issues concerning cost, operation, or implementation of a compliance strategy, Kirkwood says, "you're not doing it right."

Register for Insurance & Technology Newsletters