The software also lets organizations demonstrate compliance. Policy Manager places all compliance information gathered from different IT administrators and antivirus tools, backup and data protection programs into one location rather than having to obtain the information from individual sources each month. For example, information that showed antivirus did run on a particular server would be stored with the malware policy.

However, Chakrabarti said Policy Manager only informs organizations that there are compliance problems. It doesn't fix them. If the program discovers any noncompliant servers or workstations, then a second software program such as Symantec's Compliance Manager 3.0 is needed to solve the problem.

"Regulations actually require you to have segregation of duties where one person reports on compliance issues and another fixes things," Chakrabarti said.

James Quin, a senior research analyst with London, Ont.-based Info-Tech Research Group, said using policy management software like Symantec's provides savings. He said it costs an average public company millions of dollars a year to hire third-party compliance auditors.

"Sarbanes-Oxley compliance is a specialized field and requires a significant amount of manpower," Quin said. Having a tool that easily validates compliance shortens the time required to prove compliance and cuts the cost, he said.