1. Field
Embodiments of the present invention apply to the field of network security and regulatory compliance, more specifically compliance management.
2. Description of the Related Art
Modern business enterprises operate in a complex regulatory environment. Many enterprises must comply with various government regulations both on the federal level and on the state and local levels. For example, most public corporations (at the present time any publicly traded corporation with fifty million or more market capitalization) must comply with the Sarbanes-Oxley Act of 2002. Financial enterprises, health-related enterprises, and other more stringently regulated industries have their own regulatory frameworks.
Furthermore, many business enterprises have internal policies and controls independent of government regulation. These controls and policies may be concerned with security, confidentiality maintenance, trade secret protection, access control, best practices, accounting standards, business process policies, and other such internal rules and controls. The cost of complying with all regulations, rules, policies, and other requirements can be substantial for a large-scale business enterprise.
Up until the present time, large-scale business enterprises have mostly used outside consultants to assist with compliance. The costs of such consultants can be staggering. Moreover, different consultants use different systems and checks, making it difficult to switch consultants. Some rudimentary efforts have been made to automate some of the tasks of compliance. However, what is needed is an integrated compliance management system that can address both present and future compliance needs and integrates into an enterprise's existing network infrastructure.