Comprehensive visibility into the location, use and distribution of material, nonpublic private, and personally identifiable information in documents
A myriad of privacy regulations across the Financial Services industry require companies to properly govern the use and distribution of information considered material nonpublic. However, auditing for compliance is difficult, since so much unstructured data resides across electronic documents, such as e-mails, spreadsheets, and word processing files. Adequately meeting this challenge requires:
- Knowing the location of all material information
- Knowing who has rights to access the information
- Knowing who has used or distributed the information
- Attesting to controls over the information
- Consolidating reports for all systems that store the information
It is unrealistic to believe that manual efforts are adequate for meeting these requirements and presenting results in a timely manner. An incomplete understanding of the information landscape, coupled with the inability to track information use and distribution activities, creates insurmountable barriers to success and uncertain audits.
The Solution
Companies can now solve these challenges by identifying unstructured material information and monitoring all access, use and distribution activities. The Audit and Compliance solution provides distributed inventory and monitoring components that act as the basis for exceptional audit and compliance capabilities.
The Audit and Compliance Application
The three primary components include:
Inventory
Provides the "what, where and who" aspects for material information. Identifying the material information, its location, and the rights associated with its use provides the basis for further data gathering efforts. The raw data can also be used to generate reports for audit and compliance.
Entitlements Audit
Inspects, aggregates and analyzes rights data for material information, and integrates this data with business practices data to synthesize assessments of proper and improper grants of rights. The data can be used to expose outlier rights grants and rogue accounts, and to produce rights attestation reports.
Activity Audit and Compliance Monitoring
Provides run-time introspection of the material information lifecycle. Through observation and documentation of all use and distribution activities related to material information, improper actions can be noted and acted upon proactively, eliminating unexpected results during audits.
The solution delivers unparalleled knowledge and controls for unstructured material information. The data gathered and presented by the solution, together with the additional controls, provide financial institutions with improved audit and compliance postures; more importantly, the solution greatly reduces the chance that material information will be improperly used or distributed.
Material Information Inventory
Companies can now know:
- What documents must be protected from abuse
- What documents must be protected from unintentional distribution
- What centralized repositories contain material documents
- What distributed systems contain material documents
- Who owns material documents
Entitlements Audit
Builds upon the data gathered during inventory and gathers additional critical data about data repositories to expose:
- Who has access to what material documents
- What groups are defined for each repository
- Whether group membership is consistent across repositories
- What groups have access to what material documents
- What entitlements are set across every shared resource
Activity Audit and Compliance Monitoring
Provides run-time functionality covering the use and distribution of material information. By implementing activity audit and compliance monitoring, companies gain an understanding of what is happening to their material information, which complements the understanding of what can happen that inventory and entitlements audit provide. The company will know:
- When any material information is accessed
- Who accesses specific information
- Who modifies it
- When information is distributed
- Who distributed it
- To whom it was distributed
- What information is distributed
Reporting for Compliance
Packages the reporting capabilities provided by the solution for specific regulatory compliance scenarios, such as:
- Gramm-Leach-Bliley (GLBA) Compliance
- Sarbanes-Oxley (SOX) Compliance
An example is provided below. The solution supports other packages and scenarios as well; contact NextLabs for more information.
Gramm-Leach-Bliley Compliance Example
Non-public Personal Information Protection Scenario:
- List all documents containing nonpublic personal information (NPI), sorted by repository
- List all users entitled to access each repository
- Provide attestation reports for information owners and managers
- List all accesses to NPI during current month and current quarter
- List all accesses to NPI during previous quarter
- List all duplications of NPI during current quarter, sorted by user