Problem solve Get help with specific problems with your technologies, process and projects.

Technology to automate SOX compliance according to COBIT frameworks

How effective are automated compliance solutions at easing a enterprise's compliance burden? In this expert response, learn what resources can be most helpful for your enterprise when complying with SOX.

I heard about some new products that promise to automate SOX compliance, often using a specific framework like COBIT. What do these products actually do, and generally how effective are they at easing an enterprise's compliance burden?

There are a variety of products that purport to help automate SOX compliance, largely via a combination of scan data analytics from a vulnerability analysis product, like those made by Qualys Inc. or Sourcefire Inc., and checklists of controls that are part of the standard COBIT framework.

I haven't done a detailed analysis of this space, but I highly suspect there is nothing in these products that can't be done equally well, if not better, by a good project manager, a good security manager and a spreadsheet program. Essentially, what is needed is someone who understands the technology and how it's deployed (a security manager), someone to track objectives and help interface with other groups when necessary (a project manager) and some software to track the goals and objectives (a spreadsheet). Like many things in the IT world, measuring compliance is a pretty basic task, though the actual details can get complicated.

The value of commercial compliance products really comes in if the company doesn't have the resources or time for a project manager or doesn't have a lot of in-house experience when it comes to dealing with audits and auditors. In that case, especially when using a product the auditors are familiar with, software like this may save some time during an audit.

For more information:

This was last published in November 2009

Dig Deeper on Security audit, compliance and standards

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.