Compliance Central

Quest’s Compliance Solution Integration Hotspot

Whether you have an external regulation bearing down on you, or need to meet increasingly stringent internal information security standards, your worry is the same: managing access to information to ensure adequate internal controls. Understanding who has access to specific files and areas of the network, what they are doing with their access, and whether their access is appropriate for their job is critical to addressing an auditor’s requests - and your organizations data security! And because you can’t absorb any more costs above the normal support the daily operations of your IT group, you need to leverage the same solutions to address both the compliance and IT operational needs. Quite a challenge.

What if the objectives to comply with internal and external regulations and improve the efficiency of daily IT operations could be met with the same budget dollar?

You’ve found Quest’s landing point for IT Compliance solution integration, where we provide an in-depth solution to an organization’s IT compliance requirements. This includes assessing the infrastructure and its level of security, auditing and alerting on user and administrator activity as well as providing automated remediation policies in the case of violations to compliance standards and procedures. Our integrated solutions approach allows us to deliver solutions that deliver increased operational efficiency while at the same time addressing your Governance, Risk and Compliance requirements. What IT Compliance pain are you faced with? Quest can help. Download the Quest Knowledge Portal now and get the compliance evidence you’re looking for mapped to PCI, SOX, HIPAA, COSO or others.

What is IT Compliance?

IT Compliance has come of age as a critical part of a corporate compliance program and taken its place in most organizations as a Critical Success Factor in corporate strategies.

At the strategic level, IT Compliance is about meeting the technology & information objectives of business services in light of corporate governance, operational risk, and information security. When it comes to formulating the best IT compliance approach that companies should take, it is extremely unlikely that adopting a one-size-fits-all approach is advisable. When discussing what’s needed for IT compliance, there are negotiable aspects and the non-negotiables. And these are not necessarily the same for every company. While it’s true that “strong security is good and poor security is bad” each company will need to determine which controls are negotiable and which are not when addressing both common and specific requirements across the various compliance mandates it faces in light of its own unique set of circumstances.

Is Your Pain a Tactical one?

For years tactical solutions have been used by organizations worldwide to assist in preparing for and in supporting various IT audits. But the IT compliance evidence these solutions made available has historically not been integrated - making IT audits, in some cases, extremely time-consuming. If you are faced with a similar situation, Quest can help. Now, for key IT infrastructure components (like Microsoft Active Directory, Exchange and Windows Server) Quest is offering organizations the ability to provide evidence of IT Infrastructure compliance mapped to specific mandates through a single web interface called the Quest Knowledge Portal. This common portal integrates information from many different data sets to provide a consolidated view of internal controls with your IT infrastructure environment.

IT Compliance Reporting

The Quest Knowledge Portal now supports a number of Compliance Report Packs. If you are using Quest products within your IT infrastructure, you can use Quest’s Compliance Report Packs to automatically generate the audit prep (and audit support) reports you’ve been looking for – the ones that provide mandate-specific and framework-specific compliance evidence of your IT infrastructure. Your infrastructure already contains evidence of IT compliance and where such evidence is lacking, Quest solutions can fill in the gaps. The problem has been getting that evidence quickly in a format that your external auditors can readily assess. Now, you can get it quickly. With Quest’s mandate-specific Compliance Report Packs, the policy violations, vulnerabilities, security incidents, and configuration data from the areas of your IT infrastructure that Quest tools help you manage is brought together to provide a complete account of the IT controls an external auditor is looking for. Whether you’re reporting on evidence of cardholder data protection for PCI DSS requirements using group memberships information from Quest Reporter, or evidence of safeguards around ePHI for HIPAA by monitoring user activity with Quest InTrust, or looking for evidence of general key controls for SOX that relate to your Windows domains using Quest InTrust Plug-in for Active Directory - Quest’s Compliance Report Packs deliver. Even framework-specific reports that show, for example, evidence of mailbox tampering are available (see the control activities and monitoring reports of the COSO Report Pack).  Existing links are embedded allowing drill-down to the appropriate level of detail.

Customizable Reports, Views and Distribution

Reports can be easily customized by the end user to obtain the specific information desired. Each view is based on the users’ needs and requirements. Each profile can offer a different set of reports and access.  Subscriptions can be set up so that each user can receive an updated report via e-mail or a notification letting them know that a new report is available.

Secure Access

Users must authenticate into the Portal at the time of log on. Once logged in, the user can view the reports and associated data for which they have been assigned.  Different profiles can be setup for management, IT personnel, auditors, etc., providing the end user the specific information needed in order to perform their job duties.

Easy Access

Because Compliance Report Packs are web-based, authenticated users can access critical information from anywhere in the world.  No applications need to be installed on desktops, meaning an easier deployment.

Free Webcasts!

Through 2010, organizations that select individual solutions for regulatory challenges will spend 10 times more on the IT resources for them than companies that take a more proactive, integrated approach. Quest can show you how to reduce cost and complexity in your compliance initiatives. Listen to one of our educational free Webcasts to find out more.

Getting Started

• Download the Quest Knowledge Portal now and get the compliance evidence you’re looking for mapped to PCI, SOX, HIPAA, or COSO.
• Learn how the Quest Knowledge Portal can help you baseline, track and alert on access to critical data with Compliance Suite for Windows.
• Learn more about Quest Reporter, Quest InTrust, Quest InTrust for Active Directory, Quest MessageStats and Quest Archive Manager or InTrust for Databases.
• Get answers to your compliance-solution-related questions from others facing similar challenges at Quest’s new Compliance Suite Community site.