Audit & Compliance

Minimize the Cost and Impact of Compliance

Many companies struggle with how best to protect their intellectual property and other sensitive information, as they often lack the visibility needed to define effective access policies that help mitigate risk. Auditing by user identity creates a baseline of user and resource activity that makes it faster to determine network-level access rights, verify policy implementation, and meet IT compliance requirements such as PCI, SOX, and more.

IT departments bear one of the heaviest burdens in compiling the data required by auditors, as their responsibilities include the documentation of procedures for security policy, compliance controls and risk management processes. For many organizations, this is a key point of failure both before and during an audit and inevitably leads to increased audit-related fees.

  • Government and industry regulatory compliance mandates such as PCI, GLBA, SOX and HIPAA specify that access to confidential or sensitive data must be controlled and auditable.
  • Only specific users from multiple departments may have access to specific types of information at certain times of the day or week. Details on who accessed which data, when, and from where must be fully logged and accessible.
  • The risks associated with non-compliance can include fines, negative publicity, and loss of future budget allocation.

Identity Aware Networks Aid Compliance

Through auditing, monitoring, reporting and network-level enforcement based on user identity, Applied Identity can help quickly address many of the critical requirements for IT compliance. Applied Identity’s solutions can help organizations meet compliance requirements in the following governmental and industry mandates:

  • California SB 1386

    Known as the Security Breach Information Act, this state law governs organizations that serve customers residing in California and store confidential data about those customers on computers, or transmit such data over networks. The law requires proactive protection of private data for Californians.
  • EU Privacy Directives

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, on the protection of individuals with regard to the processing of personal data and on the free movement of such data. It was implemented to standardize the requirements for the protection of personal information across all the countries that make up the EU.
  • GLBA

    The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.
    View GLBA Compliance Mappings for ID-Audit and ID-Enforce (PDF download)
  • HIPAA

    The Health Information Portability and Accountability Act (HIPAA) was one of the first mandates requiring organizations to implement IT security controls to protect the privacy of Protected Health Information (PHI) that they handle and store. The ambiguity of the regulations coupled with the lack of external audits and fines has created a mandate that is practically unenforceable.
  • NIST – SP800-53 / FIPS 200 / FISMA

    National Institute of Standards and Technology Special Publication 800-53 defines management, operational and technical security controls for the information systems used by U.S. federal agencies, including guidelines within 17 different control areas to protect the confidentiality, integrity and availability of systems and the information they host.
    View NIST 800-53 Compliance Mappings for ID-Audit (PDF download)
    View NIST 800-53 Compliance Mappings for ID-Enforce (PDF download)
  • PCI DSS

    The PCI Data Security Standard was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or it risks losing the ability to process credit card payments. Merchants and service providers must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) company. PCI is currently the only regulation that requires unique user identities for control of access and audit reporting.
    View PCI DSS Solution Brief for ID-Audit and ID-Enforce (PDF download)
  • SOX

    The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud—with potentially serious civil and criminal penalties for noncompliance. Section 404 requires the company's auditor to attest to and report on management's assessment of the effectiveness of the company's internal controls and procedures for financial reporting.