Companies Get More Compliance Tool Options

It's welcome news for those struggling to meet new regulatory requirements

Companies looking for tools to help them monitor their compliance with privacy and other regulatory requirements have a couple of new offerings to consider.

IBM Global Services last week announced a service aimed at helping corporations comply with privacy regulations related to the collection and use of personal information on their Web sites.

IBM will deliver the service in collaboration with Watchfire Corp. The Waltham, Mass.-based security vendor has been selling compliance management software as a part of a wider Web quality assurance product for several years. Under an agreement announced last week, IBM will use the Watchfire technology to deliver a subscription-based managed compliance monitoring service.

The service will use Watchfire's software to monitor Web sites for things such as data collection and sharing practices, opt-in and opt-out choices, broken links, missing privacy policies, third-party linking and the use of tracking technologies, said John Burg, a privacy services manager at IBM.

IBM also sells compliance technology called Tivoli Privacy Manager, which monitors and enforces privacy policies at the application and transaction level. Watchfire's technology adds a Web monitoring capability.

A company with a Web site that has about 10,000 pages can expect to pay $40,000 in initial assessment and validation costs and then a monthly fee of up to $15,000 for IBM's compliance service, Burg said.

"Humans couldn't possibly do such automated monitoring," said Monica Champion, senior vice president of Internet and e-business at Atlanta-based SunTrust Banks Inc.

The bank is using Watchfire's WebXM software to scan and monitor its Web site for violations of preset privacy policies. "It allows you to ensure that you are doing what you say you are doing," Champion said.

Meeting Mandates

Meanwhile, Consul Risk Management Inc., a Delft, Netherlands-based company with U.S. headquarters in Herndon, Va., last week rolled out software designed to help companies monitor compliance with the requirements of the Sarbanes-Oxley Act.

The offering is a module for Consul's InSight Security Manager 5.0 suite of security event management and auditing software. The software allows companies to monitor and audit user access to data across a wide range of operating environments, said Marc vanZadelhoff, director of product development at Consul.

The Philadelphia Stock Exchange is using an early version of the software to monitor user access to a mix of Unix, IBM mainframe and proprietary Stratus Technologies Inc. VOS operating system environments.

Consul's software allows the stock exchange to gather log information from all those systems and present it in a standardized form in a Windows system, said Bernie Donnelly, the exchange's vice president of quality assurance. "We want to keep track internally of who is going where and for what," Donnelly said.

The starting price for Consul's Sarbanes-Oxley module is $40,000.


Privacy Patrol

IBM's compliance offering will provide:

Assessment and validation services to identify potential problem areas.
Services to help develop and implement privacy policies.
Monitoring services to ensure compliance with policies.

Copyright © 2003 IDG Communications, Inc.
