"One of my clients cut 60% off the cost of reporting requirements by doing automation," he said.īy working from a central library of requirements, he said, it is possible to scan systems once and then report back on the various requirements and standards. Mark Nicolett, an analyst with the Gartner Group specialising in governance and compliance, said it is essential to automate and streamline as much of the compliance process as possible. It can be very onerous for a relatively small organisation." They don't have the skills, so they have to pay a consultant to figure out which parts of their systems and networks are affected by the regulations, and what they need to do about it to be ready for the audit.
"Smaller organisations still have to spend a lot of money managing their one or two requirements - such as PCI or the Code of Connection, for example," Bentley said. While the OpenPages offering is aimed mainly at very large organisations, Lumension is also targeting smaller organisations with 500 to 2000 employees. It means they can make fine-tuning adjustments throughout the year and then be ready for their audit when it comes around, rather having than a mass panic each time." "This feeds into their compliance requirements on a daily and weekly basis. "We are offering an automated repeatable and manageable process that feeds into both risk and compliance, and helps organisations manage their IT risk against their IT systems," Bentley said. Taking feeds from systems under the scope of compliance - which could be servers, databases, desktops or other devices - the central monitor maps their state of security against a nominated set of regulations and highlights any areas of non-compliance. Alan Bentley, head of vulnerability management at Lumension, said the new product enables companies to combine and streamline compliance and IT risk, and to have the ability to manage it in real-time. Now rebranded as the Lumension Risk Manager, it is underpinned by the UCF to provide up-to-date information about all relevant regulations. and is based on the compliance and risk management technology it acquired with the purchase of SecurityWorks Inc. The other new offering comes from Lumension Inc.
Richard Mackey of SystemExperts explains how to construct a framework that can help you identify your compliance needs.Īs well as tracking progress in compliance, he said the system will allow companies to carry out "what if?" modelling of any changes they plan, to see how the changes could affect their compliance position. "UCF tracks more than 400 laws, regulations and guidelines from around the world, and provides a set of 2,500 harmonised controls," he said. Combining the UCF with its own governance software, the company is launching a reporting and management tool that will work across multiple compliance initiatives, and break down the inefficient siloed approach, according to Gordon Burnes, head of marketing for OpenPages. The first product comes from OpenPages Inc., a long-term player in the compliance market. Now two companies are promising to help organisations gain control of their compliance responsibilities, and save time and money by rationalising their efforts.īoth of the solutions rely on the Unified Compliance Framework (UCF), a service provided by Network Frontiers LLC, which tracks the development of hundreds of global regulations and pulls their requirements together to see where they overlap.