Diana Kelley, Burton Group analyst, presented this session at Information Security Decisions Fall 2005.
Many products tout "out-of-the-box" compliance capabilities for Sarbanes-Oxley, HIPAA and other regulations.
While there's no denying that technology can help automate the compliance process, purchasing a single tool that comes pre-configured for corporate compliance is not realistic. In this session, Burton Group analyst Diana Kelley explores what companies need to think about when creating policies for compliance and discusses selection criteria for some of the key technologies that aid in the process, such as documentation management, auditing and SIM tools. She also tackles the effectiveness of compliance "dashboards."
In addition to the specifics above, this presentation:
- Shows you why compliance isn't a product
- Demystifies compliance vendors' claims
- Helps you create a compliance framework
- Enables you to leverage tools and technologies for compliance
This was first published in October 2005