Software helps organizations get compliant

09.03.2006
New software from Symantec Corp. may help make it easier for organizations to comply with various regulations like Sarbanes-Oxley and PIPEDA.

Released in March, Symantec BindView Policy Manager 3.0 allows organizations to do three key things to help with policy and compliance management, according to Indy Chakrabarti, product-marketing manager for Symantec.

The offering lets organizations create policies by either importing existing ones or using sample templates provided in the program. Using these templates, it is possible to create a malware policy that states antivirus is installed, up-to-date and running in the organization as well as attest that people have read that policy.

Policy Manager also allows organizations to validate compliance with regulations and frameworks, something for which many organizations have often struggled, said Chakrabarti.

"It can take large organizations forever to do audits for compliance. They will have multiple audits ongoing and have to redo audits for every regulation in every quarter," he said. Auditors are usually working from multiple spreadsheets with hundreds of sub-objectives or policies to make sure they are complying with multiple regulations, he added.

Chakrabarti said Policy Manager eases the workload on auditors by breaking down all regulations and frameworks into basic units that are common across all and allows links to those units in order to control statements that might, for example, ensure antivirus is installed within the organization. Through these links an organization can demonstrate compliance with required regulations, he said.