Governance, Risk & Compliance Monitor

IT Governance Expands US Offering With New ANSI Deal

2010-06-11T14:00:00.000-07:00

IT Governance (ITG) is expanding the company’s international presence with a new deal to sell American National Standards Institute (ANSI) standards through: www.itgovernanceusa.com. The standards are a vehicle for the adoption of ISO27000 standards in the US. ITG, the one-stop shop for compliance expertise, already has similar reseller agreements with leading standards bodies including IEC (International Electrotechnical Commission) and BSI (British Standards Institution). Alan Calder, Chief Executive of IT Governance, says: “We continue to grow and grow. This deal proves, yet again, that ITG offers an unparalleled range of compliance expertise, both online and in person.” ITG will particularly concentrate on selling ANSI’s IT-related standards, although the new agreement actually allows the company to sell ANSI’s entire range of standards. Calder continues: “We’ll be selling the ANSI standards both as stand-alone products and within the US versions of our very popular information security management system toolkits.

“It’s great to know that ANSI recognizes the quality of ITG USA as a distributor. I’m sure we’ll be welcoming new customers as a result of this deal. Our many established US customers already know that we offer a top-class service – a broad range of publications at industry-leading prices – through a site that is easy to navigate and use. We increasingly offer downloadable products alongside traditional hard copies, which is not only convenient, but also brings environmental benefits.”

ANSI is the voice of the US standards and conformity assessment system. The Institute oversees the creation and use of thousands of standards and guidelines that directly impact businesses in nearly every sector of US industry. ANSI is the official US representative to the International Organization for Standardization (ISO). The Institute’s mission statement is: “To enhance both the global competitiveness of US business and the US quality of life by promoting and facilitating voluntary consensus standards and conformity assessment systems, and safeguarding their integrity."

The Network and BDO Consulting Release the 2010 Corporate Governance Benchmarking Report

2010-06-10T13:22:00.000-07:00

The Network, Inc. and BDO Consulting released the 2010 Corporate Governance and Compliance Hotline Benchmarking Report. The Network and BDO Consulting closely examined compliance hotline-related activity from 2005 to 2009 in order to provide a comprehensive overview of the critical ethics and compliance issues facing organizations. Following a surge of in-house fraud reporting from first quarter 2006 (10.9 percent) to first quarter 2009 (20.6 percent), fraud-related incident reporting leveled at 20.2 percent in first quarter 2010, according to the benchmarking report. Personnel management incidents, which include a variety of human resources matters, remain the leading incident category across all industries. The category also includes incidents related to wage and hour and management interaction.

“The goal of this annual benchmarking report is to identify emerging best practices for hotlines and other reporting mechanisms and to provide a framework by which readers can assess their own compliance programs,” said Luis Ramos, chief executive officer of The Network. “As the economy rebounds, many organizations worldwide are focusing on risk identification, management and mitigation to provide a strong platform for growth.” The 2010 Corporate Governance and Compliance Hotline Benchmarking Report reflects the largest pool of data to-date with 524,628 reports over a five-year period from 2005 to 2009. In 2009, 117,303 reports were pulled from 1,101 organizations with more than 13 million employees. The data is compiled from actual incidents reported by clients of The Network and was analyzed by BDO and The Network. Download this new report via The Network's web site

ISACA White Paper Presents Top Five Social Media Risks for Business

2010-06-07T14:35:00.000-07:00

ISACA today named the top five social media risks for business and recommended solutions to help businesses address security, customer service and corporate reputation risks raised by their employees’ use of social media—on the job and off. Developed by a team of global ISACA experts, the white paper goes beyond the traditional look at social media in the workplace to address employees’ use of social media outside of work. It also provides detailed how-to tips for effective social media governance.

“Historically, organizations tried to control risk by denying access to cyberspace, but that won’t work with social media,” said Robert Stroud, CGEIT, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Technologies. “Companies should embrace it, not block it. But they also need to empower their employees with knowledge to implement sound social media governance.” Since tools like Facebook and Twitter don’t require support from the IT department, they can be introduced by a business unit, marketing team or individual employees, and bypass IT, HR and Legal. This issue is reflected in IT department attitudes—62% of respondents to the 2010 ISACA IT Risk/Reward Barometer rated the risk posed by employees visiting social networking sites or checking personal e-mail as medium or high.

“The greatest risks posed by social media are all tied to violation of trust,” said ISACA Certification Committee member John Pironti, CISM, CRISC, and president of IP Architects LLC. “Social media is built on the assumption of a network of trusted friends and colleagues, which is exploited by social engineering at great cost. That is why ongoing education is critical.” A free copy can be downloaded at www.isaca.org/research.

BoardDocs Paperless SaaS Solutions Now Supported on the Apple iPad

2010-06-05T14:13:00.000-07:00

Paperless governance market leader BoardDocs^® today announced that its BoardDocs Pro and BoardDocs LT solutions are now supported on the Apple^® iPad™. This support brings together two market leaders to provide BoardDocs users with an absolute best-in-class way to access BoardDocs SaaS offerings. This latest service advantage exemplifies how the Company maintains category leadership by responding rapidly as new technologies become available.

BoardDocs services are proven to save many organizations tens of thousands of dollars annually – a top priority in tough economic times when governing bodies are under the microscope for spending. User organizations also see a dramatic increase in their board’s effectiveness and in their administrative time-of-staff productivity. The low-cost and compact mobile iPad device represents an ideal match for individuals in this demanding environment. BoardDocs is the leading eGovernance provider with more than 350 organizations subscribing to its services and was named to CRN's Fast Growth Technology Companies list last year. With BoardDocs services, virtually any browser can be selected to deliver a flexible and responsive user interface. Plus, only BoardDocs supports every implementation with dedicated project management, unsurpassed on-site training and 7 x 24, toll-free, US-based technical support, included with every subscription.

IT Governance Offers Safe Route to the Benefits of Cloud Computing

2010-02-01T11:57:00.000-08:00

IT Governance (ITG) is helping companies find the efficiencies and savings of cloud computing without putting business information at risk. Through cloud computing, a company’s IT functions are moved to an external, shared service provider and accessed over the Internet. Data is no longer stored in-house and software applications are no longer owned by the company. IT Governance’s latest book, Above the Clouds: Managing Risk in the World of Cloud Computing (http://www.itgovernance.co.uk/products/2826), explains the potential benefits of adopting this approach.

Author Kevin T. McDonald challenges the misconception that cloud computing must necessarily offer weaker data protection than an in-house server. In fact, he argues that cloud computing can help to defend an organisation from IT security threats such as denial-of-service attacks, viruses and worms. The risk management process begins when choosing a service provider. McDonald says: “You need to be confident that your business information will be secure. You need to make sure you carry out due diligence on the service provider before you entrust this firm with your vital data. The challenge for procurement professionals is determining what questions to ask, what assurances should be in the contracts and how much risk is being assumed when a service is moved to the ‘cloud’.”

McDonald says the concept of ‘outsourcing to the cloud’ is proving increasingly attractive to companies seeking to save money. “The cost is falling dramatically, which means it’s no longer rare for a company to consider cloud computing.” A company is charged for the use of software applications, and for data storage, just like being charged for electricity. In only paying for the resources used, therefore, operating costs can be reduced. After all, as McDonald explains, in-house data centres typically leave 85%-90% of available capacity idle. Visit the ITG portal for complete service details

ScriptLogic launches Enterprise Security Reporter® 3.7 and File System Auditor™ 2.5 for PCI DSS

2009-12-21T15:50:00.000-08:00

ScriptLogic Corporation released the latest versions of two products, Enterprise Security Reporter® 3.7 and File System Auditor™ 2.5, with enhancements that help IT administrators and their companies comply with rules dictated by the Payment Card Industry Data Security Standard (PCI DSS).

To combat security breaches in which customers’ personal and financial data have been compromised, several payment processing companies developed PCI DSS, which establishes common processes and precautions for handling, processing, storing and transmitting credit card data. Several ScriptLogic products assist PCI compliance efforts by closely controlling credit card information or creating reports to demonstrate that controls are in place.

“ScriptLogic’s solutions help IT administrators meet PCI rules, which apply to any company–regardless of size–that processes or handles credit card information,” said Nick Cavalancia, vice president of Windows management, ScriptLogic. “Numerous ScriptLogic customers, including law firms, healthcare organizations and small businesses within other industries have incorporated our solutions into their compliance processes. Today’s announcement brings them new features to simplify those efforts.” Visit the ScriptLogic product portal for full details

Oracle Delivers New Governance Risk and Compliance Suite

2009-12-07T12:52:00.000-08:00

Oracle has extended its Governance, Risk, and Compliance application suite, offering a complete, end-to-end, integrated answer to GRC needs. Oracle has introduced Oracle® Enterprise Governance, Risk, and Compliance Manager (Oracle Enterprise GRC Manager) and the latest release of Oracle Enterprise Governance, Risk, and Compliance Controls (Oracle Enterprise GRC Controls) to deliver a unique, closed-loop approach to regulatory compliance, risk management, and controls automation.

Oracle’s Enterprise GRC Manager and Enterprise GRC Controls are tightly integrated so organizations can align the identification, assessment, and prioritization of risks with the ideal risk treatment through a combination of both manual and automated controls. This integrated approach gives organizations an enterprise understanding of which risks are critical and enables an immediate and coordinated response. Oracle Enterprise GRC Manager supports cross-enterprise, risk-based modeling, analysis, treatment and decision making, allowing organizations to embed clear accountabilities for risk management and control across the enterprise. Oracle's press room offer complete feature and performance details

SymSoft Enhances ControlPanelGRC™ Suite By Adding Web-Enablement

2009-11-09T11:20:00.000-08:00

SymSoft announced it has included several enhancements in the latest release of ControlPanelGRC, the company’s second-generation suite of modular, integrated GRC applications that address the major areas of compliance. The enhancements were all created to simplify use and save time for both users and administrators.

Key among the additions is that ControlPanelGRC is now Web-enabled, allowing users to access the full functionality of the solution from a PC, laptop or mobile device, anywhere they can get an Internet connection. As a result, they can perform certain actions, such as submit approvals, run queries, enter data or execute other GRC-related operations after hours or anytime they are in a remote location.

“Many of our enterprise customers rely on mobile devices to stay in touch,” said Scott Goolik, Chief Technical Officer (CTO) at SymSoft. “Many also have key personnel working in remote offices, either temporarily or permanently, or are constantly on-the-go in airports and elsewhere. By Web-enabling ControlPanelGRC, we are able to help them take advantage of its powerful GRC tools without having to go to extraordinary lengths.”

MEGA Adds Compliance Solution Capabilities

2009-10-05T14:21:00.000-07:00

MEGA is adding new capabilities to its compliance solution to help companies adopt a complete approach to compliance management. Designed to help compliance officers, internal auditors, and risk managers, the MEGA Solution for Compliance is ideal for leveraging regulatory issues to improve business performance. The solution includes all of the tools necessary to define a company’s risk universe, streamline control documentation, assessment and testing processes, and establish appropriate control systems and remediation plans. The new features – control testing, multi-compliance support, and acknowledgement of policies – and extended campaign management capabilities address evolving requirements in compliance management:

Control testing allows continuous and periodic control assessment against all components of regulations. Compliance managers can manage tests, plus establish questionnaires, testing responsibilities, and schedules, enabling them to consolidate all results in time to meet regulatory deadlines.
Campaign management features and customized workflows ease the deployment of questionnaires and improve verification of results.
Multi-compliance support centralizes all information about the company’s compliance environment including processes, internal policies, and procedures, making it easier to determine the appropriate level of compliance. Extended automatic analysis and reporting enable gap analysis between existing and required levels of compliance.
Acknowledgement of policies is managed through workflow, insuring that users acknowledge document receipt, thus verifying compliance throughout the enterprise.

“Because the software is based on a risk approach and is integrated with business process analysis, it provides a comprehensive means to manage and control compliance programs,” explained Lucio de Risi, MEGA CEO. Visit the MEGA Solution for Compliance solution portal for complete feature details

Stibo Systems Helps Organizations Address Data Quality, Data Governance and Data Synchronization Challenges with Enhanced MDM Software

2009-10-05T13:53:00.000-07:00

Stibo Systems today announced the general availability of STEP version 5.1 — an enterprise master data management (MDM) platform that combines best-of-breed data quality, data governance and master data management software into one platform. Stibo Systems is integrating the powerful Datactics data quality engine as an optional component within its flagship STEP master data management software suite.

“We are excited to work with Stibo Systems to enhance the company’s MDM offering with our data quality software,” said Jon Brooks, CEO of Datactics. “Datactics’ engine reaches far beyond traditional cleansing of name and address data to also embrace product data, which is extremely complex and often contains hundreds of attributes — such as currency, price and dimensions — and is derived from multiple systems.”

The new STEP Data Quality application enables faster and more accurate data cleansing with fewer errors, minimizing the burden placed on the business user. An intuitive and configurable user interface considerably improves searching and cleansing of duplicate records in very large data sets. This approach to advanced data cleansing ensures a high degree of accuracy across many different data domains such as customer, product, vendor and location data.

“We are working closely with our customers to deliver a complete solution for master data management,” said Mikael Lyngsø, CEO of Stibo Systems. “Poor data quality is a pervasive and far-reaching issue that continues to hamper business performance across industries. Many companies’ efforts to improve data quality are met with high costs and mixed results. However, with the addition of the Datactics engine, our customers can reduce MDM risk and costs while achieving a much greater degree of information integrity.” Visit Stibo Software's product portal for complete featur details

SymSoft ControlPanelGRC™ Provides SAP® Users with Second-Generation Solution

2009-10-05T13:37:00.000-07:00

SymSoft Corporation, a provider of Governance, Risk, and Compliance (GRC) solutions for SAP® environments, today announced the general availability of ControlPanelGRC, a second-generation suite of modular, integrated GRC applications that address the major areas of compliance concern at every level for SAP users, especially in heavily regulated industries. For the first time, organizations can embed compliance and automate workflows through capabilities unavailable before – in a cost-effective manner. Ultimately, the results drive business innovation and competitiveness.

“In this present era, where governance and economic conditions seem to be at odds, it’s important for companies to leverage their GRC activities to drive more value to their enterprises,” said Dan Wilhelms, President and CEO of SymSoft Corporation. “ControlPanelGRC also gives users the lowest total cost of compliance through its thoughtful design and functionality while also providing a significant overall cost advantage, which makes it more affordable for organizations that need it.”

Developed by SymSoft and supported by Symmetry Corporation’s 14 years of SAP experience, ControlPanelGRC provides a robust toolset with functionality not available from first-generation products. As a result, executives can satisfy compliance requirements while workflows for SAP Security and Technical administration are accelerated for improved productivity and responsiveness.

“ControlPanelGRC’s second-generation solution reduces the time, expense and distractions associated with manual audits by embedding compliance into day-to-day operations and business processes,” Wilhelms said. SymSoft's solution portal provides complete technical details

IQnetworks Introduces ComplianceVue Packages for PCI, NERC and HIPAA

2009-09-09T14:13:00.000-07:00

eIQnetworks, Inc. has introduced the ComplianceVue™ Packages, a turnkey offering to address compliance reporting requirements based on its SecureVue® security and compliance management platform. The ComplianceVue packages (PCIVue™, NERCVue™, and HIPAAVue™) provide detailed compliance reporting across more than just log data, greatly surpassing the capabilities of competitive products. ComplianceVue packages are available immediately to address PCI DSS, NERC CIP and HIPAA regulatory requirements.

“eIQnetworks already correlates data from more data sources than any other solution on the market, and for that reason SecureVue is uniquely positioned to identify sophisticated in-progress attacks or vulnerabilities that log-only solutions will miss,” said Vijay Basani, eIQnetworks’ CEO. “With the ComplianceVue packages, eIQ now offers a turnkey solution for comprehensive compliance reporting across a broad range of security data including events, configuration data, vulnerabilities, and network flows, proving again that ‘log data is not enough’ to properly prove adherence to regulatory rules.”

The new ComplianceVue packages include a SecureVue Central Server, and the associated compliance reporting modules and dashboards required to provide necessary documentation for regulatory-driven audits. Reporting is effortless, and section-specific compliance reports are directly linked to appropriate rules and requirements of each supported regulation, best practice, or standard. Interactive dashboards provide real-time views into key compliance metrics, and provide drill-down into underlying data to support comprehensive internal and external auditing needs. Most importantly, eIQ’s support of more than just log data means that the ComplianceVue packages include system configuration changes, data flow patterns across the network, and even system performance and availability when substantiating technical controls. Additionally, SecureVue’s built-in security features, including monitoring, alerting, workflow management, and visualization tools – all built on the industry’s most advanced, high-performance database – provide enterprises with the tools needed to align compliance and security efforts. Visit eIQnetworks' portal for complete solution details

Continuity Engine Launches "Control" FFIEC Compliance Platform

2009-08-31T13:33:00.000-07:00

Continuity Engine announced the launch of its compliance platform, Control. Control is a Web-based SaaS (Software as a Service) solution that lets users simplify the work of compliance by turning it into a set of simple steps, automating those steps and delivering all of the reporting to satisfy oversight needs. The Control bundles compliance steps into ActionPacks, and offers them through the ActionPack Library. Each ActionPack is based on Federal Financial Institutions Examination Council (FFIEC) guidelines and supported by a compliance guarantee. ActionPacks provides policies, tasks and assignments, so that all of the annual oversight, periodic reviews and routine operational tasks get to the right people at the right time. There are currently over 50 ActionPacks in the library, with more than 200 expected by the end of the year. ActionPacks can be purchased one at a time, so banks and credit unions can use Control to economically solve the problems they have.

“After living through the examination scramble each year, we wanted to create a product that takes the chaos out of compliance and just makes it simple,” Andy Greenawalt, founder and CEO of Continuity Engine, said. “Early reports are that Control and the ActionPacks reduce the headaches and costs by more than 70 percent. You can think of Control as a compliance tax relief program.” Visit Continuity's Control portal for complete solution details

Qualys and Archer Technologies Partner to Expand IT-GRC Capabilities with Comprehensive Vulnerability and Compliance Data

2009-08-10T12:58:00.000-07:00

Qualys®, Inc., a provider of on demand IT security risk and compliance management solutions, and Archer Technologies, a provider of enterprise governance, risk and compliance (GRC) solutions, have partnered to make QualysGuard® vulnerability management and compliance data available to Archer’s Fortune 1000 clients. The integration of QualysGuard with Archer’s GRC platform—the Archer SmartSuite Framework—allows clients to automatically import comprehensive scan information from global assets into the Archer Threat Management solution.

Qualys and Archer have utilized the Archer Data Feed Manager to integrate their technologies and deliver a pre-built integration package on the Archer Exchange, an online marketplace supporting enterprise GRC initiatives. Companies can download the integration package and import it into their Archer environment within minutes. Additionally, the Data Feed Manager’s graphical interface allows technical business users to manage the QualysGuard integration without relying on development resources to make changes.

“Today’s organizations are faced with many challenges to manage and maintain security risk and compliance initiatives on a global scale,” said Philippe Courtot, Chairman and CEO of Qualys. “We are pleased to be a partner with Archer to offer customers a proven, scalable and cost effective solution to assess risk and collect IT compliance data for all systems within their networks at a cost they can afford.” Visit the solutions page on Archer Exchange for complete details

Continuity Engine Expands Presence with New Funding & Partnership

2009-08-05T14:30:00.000-07:00

Continuity Engine, the creator of an on-demand platform that offers solutions to the regulatory compliance process for community financial institutions, recently announced the closing of its oversubscribed funding round with the addition of a $500,000 investment from First Round Capital. This closes the round at $1.9 million from Connecticut Innovations, First Round Capital, Launch Capital and a series of notable angel investors, including Mike Nicastro, who will be serving on the board of directors. Continuity Engine is introducing a new way for financial institutions to share best practices and using that information to simplify the compliance process. This effort is now not only supported by investments, but also a partnership with the Independent Community Bankers of Minnesota (ICBM).

“First Round Capital represents the best of a new wave of venture firms and I’m thrilled that they see the same great opportunity with Continuity Engine that we do,” said Andy Greenawalt, founder and CEO of Continuity Engine.

Continuity Engine has also partnered with the ICBM to bring the concept of crowdsourcing to the banking industry. By leveraging the power of social media and the crowd, ICBM members will interact, share, answer each other’s questions and get work done through online collaboration.

“Within Continuity Engine’s Control platform, bankers can organize and work on issues together,” said Jim Kisch, CSO of Continuity Engine. “One of the ways banks and credit unions are organizing is by state and the ICBM is leading the way. The ICBM has led the independent community banks of Minnesota with its efforts in the state legislature, publications, investments in training and innovative technology programs. This year the ICBM is taking another pioneering step and will be the first bank trade association to host a comprehensive online forum for bankers to discuss relevant topics, share policies and procedures and meet and socialize with other bankers.” Visit the Continuity Engine portal for complete solution details

Pilgrim Software Introduces SmartInsight™ for Generating Business User-Centric Compliance and Quality Reporting

2009-08-04T12:11:00.000-07:00

Pilgrim Software, Inc., a world-leading provider of Enterprise Compliance and Quality Management (ECQM) software solutions, today announced the global availability of its SmartInsight™ Report Writer product. SmartInsight enables business users to quickly gain visibility into all their compliance and quality management data by allowing them to develop, format, and control the content, and publish the reports to the right users. It extends the built-in reporting functionality of Pilgrim’s SmartSolve® platform by allowing system administrators and business analyst users to easily create professional, custom log reports that they can save and reuse.

SmartInsight is the next key capability in Pilgrim’s growing list of products that provide the ability to design, tailor, and use Pilgrim’s flagship product platform solution, SmartSolve. SmartInsight is a 100-percent web-based tool designed to put reporting flexibility directly into the hands of business users. This new solution eliminates the need for IT to develop simple to complex reports with tools to which typically only IT has access. SmartInsight allows for reports to be designed easily with no technical or special programming skills required. The solution provides extreme reporting flexibility for creating any type of log reports, including consolidated or summary reports, in one simple drag-and-drop mode, and in a point-and-click style. Visit the Pilgrim Software portal for complete solution details

Banker’s Toolbox Introduces Outsourced BSA/AML Monitoring and Compliance Services

2009-07-24T12:30:00.000-07:00

Banker’s Toolbox, a provider of comprehensive solutions to help financial institutions detect and eliminate money laundering and check fraud, announced the release of BSA Express™, a software and monitoring bundle developed to provide financial institutions with an economical approach to meeting Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance standards.

BSA Express combines Banker’s Toolbox’s proven anti-money laundering management software (BAM™) with outsourced monitoring services from an experienced team of in-house risk management consultants who have trained hundreds of financial institutions on Banker’s Toolbox products. The Certified Anti Money Laundering Specialists (CAMS) and former BSA Officers on the monitoring team at Banker’s Toolbox carefully examine account activity and analyze suspicious transaction patterns. As a result, BSA Express allows banks to redistribute valuable resources needed to train and maintain a qualified compliance staff without the pitfalls associated with traditional outsourcing, such as foreign country risk or loss of oversight.
“For financial institutions looking to use proven methods to cut costs in this challenging economic environment, automation and outsourcing are cost-effective alternatives to adding in-house resources,” said Daniel Cho, chief executive officer, Banker’s Toolbox. “The differentiators we can offer with BSA Express are that all data remains safely on financial institution’s data servers, and our qualified staff already know how to utilize our compliance software to its maximum potential, putting it to use immediately after installation.” See the Banker's Toolbox web site for complete solution details

ISACA Leader Calls for Fundamental Changes to Information Security

2009-07-22T13:21:00.000-07:00

At ISACA’s International Conference in Los Angeles this morning, security professional John Pironti called for a sweeping change in how enterprises deal with information security. “Security by compliance is no longer working,” said Pironti, who is president of IP Architects and an ISACA volunteer. “The number and impact of security breaches have dramatically increased in the last couple of years, even though companies were in compliance with standards like PCI, GLBA, FFIEC, FISMA and others.”

If organizations continue to focus on security by compliance, he argues, the adversaries will continue to win as their attacks become more effective and more damaging. “Compliance can be a good starting point for securing information infrastructure and data if an organization has not put anything in place previously, but it cannot be the end point of the conversation.” “We need to change the fundamental approach to the way enterprises deal with information protection,” Pironti said in his “Information Security 2.0” presentation at ISACA’s conference. “We need to stop thinking about information security and start thinking about information risk management.”

Information risk management requires more input from and decisions made by the business, instead of solely by security professionals and regulators. Explaining the difference between the two, Pironti said, “Information security sets the tone for organizations that forces them to put measures in place that may actually end up preventing the business from being successful. Risk management gives the organization the power to make the security decisions that align with its business requirements and then implement appropriate controls.” Visit the ISACA web site for complete conference details

Healthcare Organizations Tighten up Security with Accellion

2009-07-22T12:02:00.000-07:00

Healthcare organizations are held to strict government compliance mandates that require the highest levels of security and confidentiality. With IT security issues a top priority, the need to safeguard the transfer of confidential data is elevated. In their quest to secure the transfer of information, healthcare organizations are turning to Accellion Managed File Transfer.

“Accellion is changing the way healthcare organizations collaborate by removing the IT complexities and security concerns traditionally associated with sharing information electronically,” said Yorgen Edholm, president and CEO of Accellion. “The Accellion Managed File Transfer solution features a familiar email-like interface that is simple to use yet secure enough to meet the strictest security requirements.” “HIPPA compliance and confidentiality is always a major consideration when we look at purchasing software,” said Jim Forrester, IT security analyst for Vantage Oncology. “Accellion’s Managed File Transfer solution enables us to share confidential data in an extremely secure manner while providing the necessary tracking and reporting to meet HIPAA mandates. Because it is easy to use it requires no IT intervention.” visit the Accellion Managed File Transfer product page for complete solution details

Cypress Software Introduces New Lending Compliance Module to Help Financial Institutions Combat and Prevent Fraud and Terrorism

2009-07-15T13:58:00.000-07:00

Cypress Software Systems LP today introduced the Red Flag/PATRIOT Act/OFAC Compliance Module for its Mark IV consumer lending software. The new offering gives financial institutions necessary checks and balances during the loan underwriting process to prevent and report fraudulent and terror-related activities. The new module also gives Cypress Software clients the peace-of-mind that they can quickly and easily demonstrate their compliance efforts and results, should bank examiners request proof. During the loan application process, the module “scrubs” every piece of information to provide true, comprehensive homeland security requirements.

“This new module is an important step to further protecting our clients against fraudulent and terror-related activities, while enhancing their overall credit risk management,” said Steve Croft, senior vice president of Cypress Software Systems. “Scams like identity theft are growing concerns for financial institutions and consumers alike, and this module, combined with our automated lending software, gives them added protection against increasingly sophisticated fraud techniques.” See the Cypress software products page for complete technical details (www.go-cypress.com/our-software)

Information Security & Risk Management Conference - ISACA (Sept 28-30)

2009-07-13T14:03:00.000-07:00

ISACA's Information Security and Risk Management Conference is an adaptation of the Network Security Conference and the Information Security Management Conference that combines elements of each to be an all-encompassing security event, The Information Security and Risk Management Conference merges network security, information security management and risk management. Attendees can earn up to 32 continuing professional education (CPE) hours; 18 for the conference, and 7 for each day of a workshop.

Keynote speakers will include Jim Reavis President, Reavis Consulting Group LLC Executive Director of the Cloud Security Alliance and Meenu Gupta President of Mittal Technologies. See the ISACA portal for the complete agenda and speaker roster

MEGA Cited as a Strong Performer in Enterprise GRC Report

2009-07-06T14:25:00.000-07:00

Forrester Research, Inc. has issued The Forrester Wave: Enterprise Governance, Risk, And Compliance Platforms, Q3 2009 (July 2009), naming MEGA as a strong performer in the enterprise governance, risk and compliance (GRC) market. MEGA’s own top ratings were for client reference scores, GRC management and analytics, risk and control management, and the company’s financial viability. Forrester evaluated 14 top enterprise GRC vendors against 80 criteria in the categories of current offering, strategy, and market presence. Each of these top vendors was found to have broad GRC capabilities, a substantial number of GRC customers, and significant thought leadership and mindshare.

The report said, “MEGA offers many unique advantages to customers as one of the few GRC platforms with a proprietary risk engine and a leading product in the business process analysis market.” “The market continues to evolve to a more holistic approach to GRC, as an opportunity for organizations to improve operational efficiency and meet requirements,” noted Lucio de Risi, CEO, MEGA. “This trend corresponds to MEGA’s 20-year history of helping large enterprises worldwide improve business performance. We are proud to be named by Forrester in its evaluation of top enterprise GRC vendors.” See the Mega company web site for full details

BWise Named a Leader in Enterprise GRC Platforms by Forrester Research

2009-07-01T16:46:00.000-07:00

BWise, a leading provider of Governance, Risk and Compliance (GRC) Management software solutions, today announced that it was cited as a leader in Enterprise GRC Capabilities in the July 2009 report, Forrester Wave™: Enterprise Governance, Risk and Compliance Platforms, Q3 2009 by Chris McClean with Robert Whiteley, Khalid Kark, and Alissa Dill.

“The BWise platform remains one of the most impressive products in the GRC platform market, with strong technical capabilities in all the categories evaluated,” according to the report. Luc Brandts, CTO and Founder of BWise, said, “We are extremely proud to be recognized as a leader by Forrester. We believe it is a reflection of our dedication to our customers and their governance, risk management and compliance requirements. The BWise platform is a true GRC platform, distinguishing itself from the competition with its process management layer. This enables users to accurately get in control of all of their companies risks and to truly integrate all GRC initiatives.”

According to the report, “[BWise’s] value proposition for enterprise risk management (ERM) was among the highest of the vendors evaluated, and its value proposition for corporate governance earned top scores.” Robert Pijselman, CEO of BWise said, “Everyone at BWise is extremely proud to have been chosen as a leader. It’s a true honor, and accentuates the commitment that we have to deliver an outstanding enterprise GRC platform. We would like to thank all of the BWise customers for their trust and help to make this happen.” See the BWise press elease for complete details

PCI Security Standards Council Invites Collaboration On Next Generation Security Standards

2009-06-26T13:05:00.000-07:00

The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today announced upcoming feedback opportunities that are part of the Council’s transparent, standards management lifecycle process. During phase two of the lifecycle process, between July 1 and November 1, 2009, merchants, processors, financial institutions and other key stakeholders have the opportunity to provide detailed and actionable feedback in an effort to revise future editions of the Council’s standards to improve payment data security.

This year the Council will roll out an online feedback tool to make it easier for organizations to prepare feedback on the PCI DSS and PA-DSS standards on up to five key areas of their choosing. This form will be distributed electronically on July 1 to the Council’s more than 600 Participating Organizations. As part of the ongoing feedback process, the Council is also announcing the dates and locations for its annual Community Meetings, where stakeholders, such as retailers and banks, have an opportunity to proactively propose and discuss revisions to the next iteration of the Council’s standards. The Council will host two events, one in North America and one in Europe, ensuring broad global discussion of the PCI security standards among stakeholders. See the PCI Security Standards Council web site for further details

2009-06-25T12:54:00.001-07:00

k6qbprhej3