After a company’s board makes a decision to become compliant with regulations such as Sarbanes-Oxley (SOX) in the U.S. or PIPEDA in Canada, the task of sourcing and implementing technology to make it happen often falls on the IT manager’s shoulders.
The first step is to figure out how compliant the IT infrastructure is. This often proves to be a difficult step, as many IT pros have no idea where to begin.
“The biggest demand is for simpler reporting,” said Ross Chevalier, chief technology officer of Novell Canada Inc. in Toronto. “Makers of infrastructure technologies have been capable of doing this kind of (information gathering) work in the past. But what has not been there are pre-formatted reports and architectural constructs that support the production of a simple-to-understand SOX or PIPEDA audit report.”
A SOX audit report should be able to describe who has access to data, what information in a database has been changed, when information was changed and how it was changed.
A PIPEDA audit report should reveal what information is available on a network, whether criti
