Charter: Generator, supplier and distributor of electric power

Modules in use: BindView Admin for Windows and Exchange 7.2, BindView Control for Windows and Active Directory and Exchange 8.0, BindView Control for Oracle Database 8.1, BindView Control for Unix 8.0 and BindView Compliance Center 2.1, from BindView Development Corp. (acquired last month by Symantec Corp.)

Requirements: In 1999, Constellation Energy began using a suite of network monitoring software called BindView Control to determine which of its servers and applications various employees had access to. The software identifies financial information that resides on those applications and servers to help Constellation Energy determine whether it has the appropriate controls and so-called segregation of duties in place. That allows it to restrict access to that information in order to meet the requirements of regulations such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act.

How the software works: The BindView Control modules examine access-control lists for Constellation Energy's Oracle, Windows and Unix systems. "Some of the things we're looking for are not only who has access to the servers but the applications on that server as well," says John Petruzzi, director of enterprise security at Constellation Energy. Meanwhile, the Compliance Center module takes a snapshot of the company's IT controls environment to indicate "where we need to focus our attention" in terms of remediation and testing, says Petruzzi.

Customization required: BindView's professional services division customized the reporting capabilities for Constellation Energy.