With some compliancy deadlines recently passed and some fast approaching, the software vendor community is making strong efforts to automate much of the manual processes involved in obtaining, protecting, retaining and storing sensitive information.
Regulations like the Personal Information and Electronic Document Act (PIPEDA), which dictates how corporations must handle personal information, along with the U.S.- based accounting regulation, Sarbanes-Oxley, are keeping American and Canadian businesses on their toes to comply by set deadlines.
On Monday, IBM Corp. announced additions to its compliance software family, designed to help these businesses comply with the regulations. The additions include new content monitoring and retention tools, in addition to the release of the IBM Tivoli Security Compliance Manager, expected in May. The company said the tool will scan servers and personal systems automatically to ensure systems comply with security and privacy policies.
Big Blue also announced new Lotus Workplace for Business Control and Reporting — an integrated set of products and services that enable corporations to manage internal controls and data requirements of legislation including the Sarbanes-Oxley Act.
According to Robert Parker, partner with Deloitte Canada’s Enterprise Risk practice and a privacy expert, automating processes was and still is a top concern for businesses facing compliance deadlines.
In Canada, compliancy with PIPEDA had a deadline of Jan. 1, 2004. Although it has been nearly three months since that deadline, Parker said companies are still experiencing difficulties in complying with the new legislation.
The Toronto-based firm has found that many organizations continue to lack the skills and resources as well as the tools to create policies and procedures.
“Software can definitely help in the implementation stage (of policies and procedures),” Parker said. “But, it has to be adequately safeguarded and secure.”
For PIPEDA purposes, IBM also announced the Tivoli Security Compliance Manager. The new software offers automated security policy compliance audits to help businesses detect security vulnerabilities and privacy violations, the company said. The software can also be used to create corporate privacy policies as well as help address requirements posed by legislation like PIPEDA.
IBM is one of many vendors offering automation software for new legislation. Last week, Microsoft Corp. announced the Microsoft Office Solution Accelerator for the U.S.-based Sarbanes-Oxley accounting regulations, which comes as a free Office suite add-on. Sarbanes-Oxley requires companies to include internal control over financial reporting information and an accompanying auditor’s report in their annual financial reports. Sarbanes-Oxley directly affects more than 600 Canadian firms.
Markham, Ont.-based DataMirror Corp. also offers solutions for Sarbanes-Oxley compliancy. The company’s LiveBusiness solutions enable businesses to monitor changes made to data in real-time, as well as connect systems and applications that hold financial and corporate data. LiveBusiness solutions in place, corporate officers can gain a 360-degree view of all operations, shorten reporting cycles, and restore investor, stakeholder and public confidence in financial reports.
The company also offers LiveIntegration and LiveAudit solutions, which allow businesses the ability to integrate, record and track financial and disclosure-related information.
“When (most) of the regulations came into place, for the most part, the first thing corporations handled was customer-facing information,” Deloitte’s Parker said. “At that time, not much attention was paid to the back-end systems and software. Now we are seeing customers spending more time looking at the back-end systems and automating processes.”