igor - Fotolia

Get started Bring yourself up to speed with our introductory content.

What's the best way to find enterprise compliance tools?

Looking for compliance tools? Expert Mike Chapple explains why the best place to start the search is within your own information security infrastructure.

I'm interested in managing the compliance policies of my network and endpoint devices. I've seen that the product landscape is quite broad, from simple software tools all the way up to fully integrated appliances. What's the best way to narrow the scope of my product search?

The best place to start looking for compliance tools that monitor the status of systems and networks is in your own information security program. You may already have a tool or suite of tools to manage device security, and those tools may have existing compliance capabilities that are sitting latent or have available add-on modules that can provide compliance tracking with minimal additional expense.

Saving money isn't the only reason to try to adapt existing tools to meet compliance needs. An organization is much more likely to achieve success if it is able to make small modifications to existing capabilities than if it tries to implement an entirely new system or set of tools. Remember, system and network administrators view compliance as a non-value-added burden on their already busy days. Anything that you can do to achieve compliance without increasing that burden will improve the likelihood of adoption and the success of the program.

For example, take a look at the configuration management system used in data centers that manages server configurations and patches. Does the package the system administrators use provide a compliance reporting option? If you can develop (or adapt) your own compliance templates for that tool, it's possible to simply run reports out of that system to detect noncompliant servers without bothering administrators to install yet another agent on the systems.

Similarly, your organization's security program likely already includes a network vulnerability testing tool. Spend some time assessing that tool's capabilities. Does it contain built-in policies and reporting features that meet compliance needs? This is another opportunity to achieve a major compliance victory with minimal investment of time and money.

Compliance professionals should take the time to conduct an inventory of the variety of security tools in use by their organizations. It's likely that many of them have the potential to pull double duty as effective compliance mechanisms.

Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)

Next Steps

Mike Chapple explains how to develop a compliance awareness training program

This was last published in January 2015

Dig Deeper on Data privacy issues and compliance

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What kind of compliance tools does your organization use?
My business uses electronic document management system (EDMS) tools that get custom configured to be able to use the same reporting tools that address and are used by our other compliance systems. We also implement automated workflows for efficiency in delivery of data and secure storage of our business files and sensitive information. These tools have made our workflow move smoother and with fewer glitches, which means less need for IT labor time.
We’ve been using an in-house developed tool called SOX 404 (I know, the irony is not lost!). More recently, however, in the last two years we’ve been moving away from that system and have started using customized ServiceNow modules that provide the functionality we need.