Audit and Compliance

Today, enterprises everywhere face unprecedented demands to comply with strict requirements governing the security and integrity of their critical business information. To meet these requirements, organizations must be able, at any given time, to know who has access to what information resources, monitor changes in access control, report the results, and provide a historical record. They must also be able to respond to deviations from business process controls, IT controls, and procedural policies swiftly and effectively, addressing any issue that could compromise compliance, impact security effectiveness, and ultimately increase liability. 

In the United States alone, compliance with legislation such as the Sarbanes-Oxley (SOX) Act, Health Insurance Portability and Accountability Act (HIPAA), and Gramm-Leach-Bliley (GLB) Act can impose overwhelming demands on organizations. The European Union International Accounting Standards (EU IAS), Basel II initiative, European Data Protection Act, and other international requirements extend the pressure globally. The economic and operational difficulties of documenting controls, instituting monitoring processes, gathering data, generating reports, and preparing for audits are realized everywhere, every day.

To ensure compliance with these legislative and international requirements, organizations are being forced to add staff, hire consultants, and implement processes that are often manual and complex. The challenge is to find manageable, repeatable, sustainable, and cost-effective alternatives for meeting security and compliance objectives over the long term.

Auditor helps enterprises maintain compliance with legislative and other security requirements through:

  • Scheduled or automated evaluation, detection, and immediate notification of audit policy violations
  • Packaged, customizable audit policies that address the methodology of control frameworks
  • Streamlined, automated, and delegated certification of access privileges and audit policy violations
  • Automated risk assessment; mitigation and remediation of security controls
  • Identity services for enterprise security event management applications
  • Comprehensive reporting, including reports tailored to Sarbanes-Oxley, HIPAA, and other regulatory requirements
  • Visibility into performance and effectiveness of internal controls