Okay, so you made it through your audit of internal controls for your information technology last year. But can you do it over and over again? If the answer to that question is 'no' or 'not sure,' then SecureInfo Corp., a maker of information security and compliance solutions since 1992, may have a product for you. As it attempts to break into the corporate marketplace, the San Antonio-based company–with a customer list that includes the U.S. Air Force and the Department of Homeland Security– is releasing a commercial version of its flagship business IT security application, ComplianceAuthority 3.5, for repeatable data security and compliance self-assessment oversight. The product helps companies understand their requirements under the Sarbanes-Oxley Act, HIPAA and other regulations and maps those obligations to industry standards of practice.
The latest version makes it easy for a CFO or other executive to oversee the compliance efforts of a company's IT department and assess where the company stands in meeting various requirements. The Web-based system offers a series of questionnaires that are used to assess a company's compliance needs. The system draws on a deep regulatory library and returns a report about where a company's systems satisfy or fail requirements, and recommended fixes. "This allows a CFO to see how the company is doing on information security as part of an overall audit," says Steve Kiser, CEO at SecureInfo. "We cover organizational structure, physical security and informational security and make sure a company understands what it needs [to do] across multiple organizations." ComplianceAuthority 3.5 is based on the COSO and COBIT frameworks.
Among its features, the system can assess where a company stands against industry security standards. Drill-down capabilities let executives pinpoint IT security weaknesses based on a company's existing workflow plans. ComplianceAuthority 3.5 also contains a tool for determining information security risks at organizations acquired through merger and acquisition transactions. Merrill Lynch & Co. and Hewlett-Packard Co. are among the latest companies to have tested ComplianceAuthority 3.5 and now use it in their deployments.
Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.
Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
- Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.