ComplianceCourier automates a set of processes necessary for organizations to achieve compliance with corporate policies and government and industry requirements and to reduce auditing costs. It provides a framework for organizations to institute self-service policy awareness training and testing, and a method to demonstrate policy enforcement, while extending the responsibility and accountability for compliance to the most appropriate resources.
The ability to verify that users have passed a policy awareness test and authorized parties have reviewed, confirmed and corrected their access rights have become critical steps in achieving compliance with regulations like Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, EU 95/46/EC Data Protection Directive, VISA CISP and others.
ComplianceCourier aggregates user access data into a summary and then provides it to the appropriate parties for approval, modification or rejection. The results are then packaged in a standard format, which can be used by other applications to trigger appropriate actions such as creating an audit record or automating user provisioning to enforce corrections. Finally, ComplianceCourier provides self-service policy awareness training and testing that can be used to control user access.
"A central part of identity management is the control of user access to resources and applications in strict accordance to policy and regulation," said Gerry Gebel, senior analyst, Burton Group. "Due to external reporting requirements, it's also important that enterprises have tools to measure and demonstrate compliance with legal, regulatory and policy demands."
ComplianceCourier is available immediately as part of Identity Management Suite 7.0 and is priced at a flat-fee license based on size of organization starting at $50,000.