Regulatory Compliance Survey Confirms That Customers Intend to Leverage Identity Management to Achieve Compliance; Reducing Organizational Risk Cited as a Top Concern.

SAN DIEGO San Diego (săn dēā`gō), city (1990 pop. 1,110,549), seat of San Diego co., S Calif., on San Diego Bay; inc. 1850. San Diego includes the unincorporated communities of La Jolla and Spring Valley. Coronado is across the bay. & FRAMINGHAM, Mass. -- Courion(R) Corporation, a leading provider of self-service identity management solutions, today announced the results of a regulatory compliance survey conducted with its Fortune 500 customer base. The findings confirmed that customers faced with regulations including Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, , EU 95/46/EC Data Protection Directive, VISA(R) CISP CISP Cardholder Information Security Program (Visa)
CISP Comitato Internazionale per lo Sviluppo dei Popoli
CISP Certified IRA Services Professional (American Bankers Association)  and countless others intend to leverage identity management solutions to achieve compliance.

As organizations work towards compliance, most struggle to identify what information and applications users have access to, much less whether or not it is appropriate access. What's more, proving that users have completed the necessary training before obtaining access to critical systems is difficult at best, impossible for most. These issues present significant challenges as compliance dictates that organizations must "attest To solemnly declare verbally or in writing that a particular document or testimony about an event is a true and accurate representation of the facts; to bear witness to. To formally certify by a signature that the signer has been present at the execution of a particular writing so as " that users have only the minimum access necessary to do their jobs and that they have been sufficiently trained in security policy awareness. Despite these challenges, 80 percent of survey respondents In the context of marketing research, a representative sample drawn from a larger population of people from whom information is collected and used to develop or confirm marketing strategy. said they plan to implement some form of compliance review of access rights in the future, and 43 percent said they expect to have to attest to the accuracy and appropriateness of user access rights for regulatory compliance on at least a semi-annual basis. A majority of those planning to utilize some form of automated au·to·mate
v. au·to·mat·ed, au·to·mat·ing, au·to·mates

v.tr.
1. To convert to automatic operation: automate a factory.

2. policy and access review process (68 percent) indicated that they are in the discovery or planning phase In amphibious operations, the phase normally denoted by the period extending from the issuance of the order initiating the amphibious operation up to the embarkation phase. The planning phase may occur during movement or at any other time upon receipt of a new mission or change in the , citing the protection of data privacy and a desire to reduce organizational risk as the key drivers for examining their methods and systems for achieving compliance. Nearly half (48 percent) of all respondents identified identity management as the solution to achieving industry and regulatory compliance.

These findings further validate Courion's development of ComplianceCourier(TM), which the company launched today from Burton Group's Catalyst Conference in San Diego. (See separate release dated July 21, 2004.) Customers such as Sharp HealthCare Sharp HealthCare is a not-for-profit integrated regional health care delivery system located in San Diego. Sharp includes four acute care hospitals, three specialty hospitals, three affiliated medical groups and a health plan. are already using ComplianceCourier to achieve compliance through automated user access review and approval and self-service policy awareness training and testing. ComplianceCourier aggregates user access data into a summary that is comprehensible com·pre·hen·si·ble
adj.
Readily comprehended or understood; intelligible.

[Latin compreh by non-technical staff and then presents it for approval, modification or rejection. This allows the appropriate parties, often business managers, who are typically most knowledgeable about what end users really require to perform their jobs, to attest that users have only minimum necessary access. The self-service solution will then trigger appropriate actions such as creating an audit record or automating user provisioning The ability for customers to change voice and data services from their carriers online without having to place the order with a human representative. Web-based user provisioning lets you add and delete services and features from your browser. See automated provisioning. to enforce corrections. ComplianceCourier also administers self-service policy awareness training and testing that can be used to gate user access. Further, ComplianceCourier serves as an effective framework to demonstrate compliance with regulatory and corporate policies.

"Most organizations today are faced with some form of regulation with which they must comply and all should be examining their methods for achieving it," said Chris Zannetos, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. , Courion. "Manual processes prove to be grossly inefficient and far too costly. Businesses cannot afford to task people resources with such tedious and time-consuming processes as figuring out what people have access to and determining whether or not it is appropriate for their role, let alone administering the training and testing of users on policy awareness. Automated user access verification processes and self-service policy awareness training and testing not only helps customers achieve compliance, but provides the benefits of reduced costs, improved operational efficiency and strengthened security for a quantifiable Quantifiable
Can be expressed as a number. The results of quantifiable psychological tests can be translated into numerical values, or scores.

Mentioned in: Psychological Tests positive impact on the business."

Based on the results of its compliance survey, Courion also found that reducing organizational risk is considered the top benefit of implementing compliance solutions (cited by 64 percent of respondents), followed by the ability to attest to users' IT access rights at 42 percent and improving accuracy and consistency of employee/customer data at 41 percent. Respondents also cited improving business processes, reducing administrative overhead and eliminating orphaned or·phan
n.
1.
a. A child whose parents are dead.

b. A child who has been deprived of parental care and has not been adopted.

2. A young animal without a mother.

3. accounts as benefits of implementing compliance solutions. The survey also revealed that 26 percent of the respondents said their company has a Compliance Officer dedicated to driving compliance while 35 percent said the responsibility for compliance still falls under the CIO/CTO.

About Courion

Courion Corporation provides award-winning self-service identity management solutions in Identity Management Suite(TM). Over 220 enterprise customers worldwide including 50 of the FORTUNE 500 utilize the Suite to securely automate To turn a set of manual steps into an operation that goes by itself. See automation. routine, manual processes for user provisioning, password management, industry and regulatory compliance, virtual directory management and digital certificate management. By leveraging the existing infrastructure and integrating disparate workflows within the enterprise, Courion solutions drive operational efficiency, optimize user productivity, strengthen security, reduce costs and ensure efficiency in achieving policy compliance. For more information, contact Courion's headquarters in Framingham, MA, USA at 508-879-8400 or visit www.courion.com.

Courion, AccountCourier, PasswordCourier and ComplianceCourier are registered trademarks or trademarks of Courion Corporation. All other company and product names may be trademarks of their respective owners.

COPYRIGHT 2004 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Geographic Code:	1USA
Date:	Jul 21, 2004
Words:	798
Previous Article:	Courion Launches ComplianceCourier as Part of Identity Management Suite 7.0; New Product Helps Customers Achieve Regulatory & Industry Compliance.
Next Article:	Watts Water Technologies, Inc. Second Quarter 2004 Earnings Conference Call.
Topics:	Computer software industry Software industry

Related Articles
Is process hurtful or helpful?
Survey Finds Companies Turning to Identity Management to Enable Sarbanes-Oxley Compliance.
Courion Launches ComplianceCourier as Part of Identity Management Suite 7.0; New Product Helps Customers Achieve Regulatory & Industry Compliance.
Children's Hospital Boston to Deliver Identity Management Case Study at Healthsec Boston.
Courion Corporation Achieves Challenger Status in META Group's Evaluation of Identity Management - User Provisioning.
Trusted Network Technologies' Utility IT Study Reveals Expectations of Critical Energy Systems Breaches; Utilities Executives Burdened by Compliance,...
ENTELLIGENCE REDUCES SENSITIVE CORPORATE DATA LEAKS.
Insurers gaining enterprise-risk savvy.(surveys on risk management)(Survey)(Brief article)
UK top IT Priorities.
Insurers' CFOs worry about regulation, interest rates in '07.