Policy Compliance Overview

“NHS Fife had already recognised the need to create a IS culture throughout the organisation… the IS workshops provided by Sapphire’s consultants enabled our staff to understand the relevance of the standard to their individual roles…”
IT Services Continuity Manager, NHS Fife

Regulatory compliance will be the top business issue affecting all organisations in 2012 - business issues such as compliance, governance and information security management will continue to dominate most managers, but the increase in regulations, data breaches and new technologies such as cloud computing and the rise of personal devices in the workplace are accelerating complexity and risk.

From the growing number of government regulations to consumer privacy concerns to hacking attacks, business information assets are being constantly challenged .Organisations will face the need to manage growth in an increasingly challenging economy while at the same time comply with a growing number of regulations and standards. New or changed regulations expected to impact information security in the next 12 to 18 months include ISOI27001/2 revision, cloud computing standards, more demanding government security requirements in contracts/service level agreements, as well as an overall tightening of data protection regulations.

Therefore, effective policy compliance will become an increasingly pressing concern to meet these new challenges – how will you respond? How will you deal with more sophisticated and unrelenting threats?

Protecting sensitive data and meeting compliance mandates has probably never been more challenging. Fortunately, automated solutions for compliance policy management can provide much-needed help with these challenges.

Automated Policy Compliance Solutions
Automated compliance policy management assesses settings against relevant policies, detects and reports out-of-compliance set¬tings. Automated solutions can identify unauthorized, out-of-policy changes, and immediately alerts IT so they can automate remedia¬tion of improper settings and address its cause. In addition, these solutions can  provide proof of compliance with policies through assessment reports, and collects evidence of changes to prove continuous compliance.

The benefits of automated policy compliance can be viewed as follows:

• Rely on automation to meet compliance demands. Automation is essential if organisations are to address their compliance demands, keep up with the evolving threat landscape and constantly changing requirements and have a chance at keeping compliant in the face of constant changes made to the IT infrastructure. 
• Auditing capability for greater control. Capabilities of an automated auditing solution, can ensure that changes from the required compliant state are immediately detected—so that they can be addressed in a timely fashion.
• Integrate with log and event management. This integration can enable the correlation of change and security event data, enables IT to identify events of inter¬est that may represent an attack as it occurs, and minimise the amount of time the organisation is exposed to that risk. Such integration also helps meet log management requirements included in most compliance mandates.
• Include relevant policies. Part of the problem many organizations face is determining what parts of relevant policies, standards, or regulations apply to them. Ideally, a compliance policy management solution provides a short path to compliance. This is done by providing comprehensive tests against critical policies, along with the ability to modify policies and tests according to business and security needs.
• Capture and retain customized settings as policy. To ensure the organization does not have to recreate configurations designed to deliver the ideal balance between security, compliance and operational needs.
• Be effective in all types of computing environments. With virtualization widespread and cloud computing becoming the norm, compliance policy management can assess the settings the organisation is responsible for, no matter where they reside.
• Offer automated multi-level reporting. Information security managers want a dashboard view that tells them  how in- or out-of-compliance the organisation is.
• Generate an audit trail. As IT is increasingly asked to meet and prove compliance with internal and external regulations, automated solutions can generate all the evidence required t maintain a compliant state. These solutions can support policy waivers and associated documentation to temporarily exclude  these elements from audit reports when IT has a valid reason for doing so.

Sapphire point to a number of solutions:

Our vendor solutions include MetaCompliance, a software solution developed to help organisations to mitigate the risk of a compliance failure or IT breach. The MetaCompliance™ suite of software assists organisations in devolving these responsibilities to the main source of risk - employees and subcontractors.

MetaCompliance™ obtains affirmation from the user in the form of self certification. This happens when policies are presented to the user and as a result of our patented enforcement technology; the user provides a response to the policy or prompt.

In addition to this, Sapphire provides Boole Server, a security platform designed to protect against unauthorized viewing, manipulation or distribution of data. It provides secure storage and access to data along with full auditing capabilities. Boole Server is the result of extensive study in to the vulnerabilities of security systems.
 
Providing a high level of protection from both opportunistic and determined attempted security breaches. Boole Server enables organizations to securely share and protect all their confidential documents anytime, anywhere through the most advanced on-demand document security solution available.

Sapphire’s consultancy services can assist your organisation to streamline its existing policies and procedures to encourage compliance and to raise user awareness. Our methodology is tailored to suit your specific business requirements.

• Support 0845 58 27999
• General 0845 58 27001
• Request a Call / Quote