Are your software services compliant?

25.04.2006
In case you haven't noticed, just about every part of the IT infrastructure must comply with some regulation or other.

I recently covered the news about Siemens' latest Wi-Fi hardware and software, HiPath Wireless Advanced, which supports compliance with Sarbanes-Oxley (aka Sox), HIPAA, the Gramm-Leach-Bliley Act, and Department of Defense Directive 8100.2, among other government regulations. The Siemens Wi-Fi management component can issue a 20-page report in the blink of an eye, according to Luc Roy, vice president of product planning at Siemens. It allows auditors to know such vital details as the channels on which the data was running, how many files were encrypted, and what other access points were available but not on the system.

Surprisingly, with all the discussion around SaaS (software as a service) in the enterprise, the issue of SaaS supporting public companies' need for Sox compliance has yet to be discussed. However, it's difficult to nail down what it means for an SaaS company to be Sox-compliant for the benefit of its customers.

Ian Campbell, CEO of Nucleus Research, has a go at an answer. Where SaaS providers used to have to worry about only the technology, he says, when it comes to compliance there is another piece they now need to look at -- whether they have the right processes in place so that, when their customers are audited, the applications and processes delivered online offer the kind of information an outside auditor will accept.

I called the No. 1 SaaS vendor, Salesforce.com, to ask if it was incorporating some sort of special Sox compliance into its solution. Unfortunately, the spokesperson said he could find no one who could talk about it. I found that strange.

Nevertheless, because Salesforce.com is a public company, it has already undergone the scrutiny of a Sox audit. I assume that, by extension, that will be good enough for its customers. It's the private companies, which currently aren't required to comply with Sarbanes-Oxley, that you must be concerned about.