Storage vendors such as EMC
and Hitachi Data Systems
have been pounding the tables of late, proclaiming that they have
the answer to the compliance bugbear that many corporations have been faced
with in the past couple of years with the passage — or pending passage —
of federal regulations that require documents to be saved for a definitive
period of time.
While many of these vendors are treating compliance with software solutions
under broader information lifecycle management (ILM) strategies, IBM
is taking a different tack. The company already had enough
of the technology pieces in place to create such solutions, but officially
put them to use at a time when concern over meeting regulations has perhaps
reached its pinnacle; with so many new rules in place, enterprises want to
steer clear of fines for non-compliance.
To wit, the Armonk, N.Y. systems vendor Wednesday drew the curtain on a
number of products and services targeted at helping corporate customers
manage their data in accordance with federal regulations from such bodies as
the Securities and Exchange Commission (SEC).
got in on the act, too, unveiling a security framework that can be tailored to support the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for healthcare and life sciences companies.
Steve McLaurin, partner and certified information systems auditor of IBM’s
Business Consulting Services, said IBM has an advantage over rival vendors
because the company acquired a great deal of auditing mindshare when it
consulting powerhouse PricewaterhouseCoopers last year. IBM is working with
such partners as iLumin, IXOS, KVS, Northrop Grumman, NuGenesis,
SearchSpace, Siemens and VeriSign in its compliance endeavor.
McLaurin said new services include:
a hosted utility solution to satisfy requirements of the USA Patriot Act of
2001, which holds that companies put a program in place to prevent and
detect money laundering
provide financial services companies with a real-time archiving and records
management utility service for e-mail and instant messages to help customers
satisfy meet NASD and SEC regulations, including SEC Rules 17a-3, 17 a-4,
NYSE 342, 440, NASD Conduct Rule 3010/ 3110
combines IBM DB2 Content Manager, DB2 Records Manager and DB2 CommonStore
and services with third-party software from iLumin to help companies meet
SEC and NASD regulations
help manage information within companies in their efforts to comply with
compliance requirements, such as Sarbanes-Oxley, Sect. 404
Stan Lepeak, vice president of Professional Services Strategies at research
firm Meta Group, said no other vendor has as well rounded a portfolio for
compliance solutions as IBM at this point, noting that the company has taken
advantage of its PwC assets to package new services based on existing
IBM Business Consulting Services (BCS) has also released a survey regarding
compliance in which the surveyors found that only one in ten surveyed CFOs
and financial executives view their internal controls as compliant with
Section 404 of the Sarbanes-Oxley Act today, which is eight months before
the compliance deadline. Lepeak said he believed the survey was accurate and
shows that IBM has been scrutinizing the effort as opposed to just throwing
solutions together from its vast pool of resources.
Meanwhile, across the country, Mountain View, Calif.-based service provider VeriSign Wednesday pledged to help companies articulate their management strategies with regard to new healthcare regulations such as HIPAA.
Based on VeriSign’s Intelligence and Control Services, VeriSign will design an information security program consisting of network security, application security, commerce security, and authentication services.
The goal is to grant more control to the customer so they can adapt to future regulations through simple configuration changes, rather than reconfiguring their entire network.
“Today’s healthcare companies face a difficult challenge. They must meet a series of rolling regulatory deadlines, train their people on these new rules, ensure that their partners, such as insurance firms, providers and hospitals, are also compliant — and they must do all this with shrinking resources,” said Ben Golub, senior vice president, VeriSign Security Services. “[We aim] to make the compliance process easier for healthcare providers.”
Other new IBM solutions for compliance include:
data retention capabilities in this software provide non-rewriteable,
non-erasable storage controls to prevent deletion or alteration of data
stored using IBM Tivoli Storage Manager before the policy-based retention
criterion is satisfied
expansion enclosure that utilizes Serial Advanced Technology Attachment
(SATA) disk drives
IBM will create a Write Once Read Many (WORM) media technology for the 3592
tape drive. With it, data on the cartridges can’t be overwritten.
that proprietary information — financial or medical records — is not left
on disk drives
IBM counts ChartOne, i3 Archive, National Account Service Company, JPMorgan
Chase and Viewpointe Archive Services as customers it helps to meet
government requirements with regard to data management and retention.