The NextLabs Audit and Compliance solution enable businesses to:
- Monitor for compliance. Understand who is accessing and distributing information that is governed by regulations.
- Streamline compliance audits. Provide auditors with attestations of proper entitlements and proof of controls over regulated information.
- Improve analysis. Combine an understanding of what is happening to information with the knowledge of what risks can happen.
- Improve reporting. Provide reports grouped by regulatory mandates to management and auditors.
- Close gaps in compliance posture. Provide basis for gap analysis with activity monitoring and automated intervention that provides measurable controls.
Comprehensive Visibility into the Location, Use and Distribution of Information Material
A myriad of privacy regulations across the industry require companies to properly govern the use and distribution of information considered material non-public. However, auditing for compliance is difficult, since so much unstructured data resides across electronic documents, such as e-mails, spreadsheets, and word processing files. Adequately meeting this challenge requires:
- Knowing the location of all material information.
- Knowing who has rights to access the information.
- Knowing who has used or distributed the information.
- Attesting to controls over the information.
- Consolidating reports for all systems that store the information.
It is unrealistic to believe that manual efforts are adequate for meeting these requirements and presenting results in a timely manner. An incomplete understanding of the information landscape, coupled with the inability to track information use and distribution activities, creates barriers to successful audits and compliance.
Companies can now solve these challenges by identifying unstructured material information and monitoring all access, use and distribution activities. The Audit and Compliance solution provides distributed inventory and monitoring components that act as the basis for exceptional audit and compliance capabilities.
The Audit and Compliance Application
The three primary components include:
Provides the "what, where and who" aspects for material information. Identifying the material information, its location, and the rights associated with its use provides the basis for further data gathering efforts. The raw data can also be used to generate reports for audit and compliance.
Inspects, aggregates and analyzes rights data for material information, and integrates this data with business practices data to synthesize assessments of proper and improper grants of rights. Data can be used to expose outlier rights grants, rogue accounts, and rights attestation reports.
Activity Audit and Compliance Monitoring
Provides run-time introspection of the material information life-cycle. Through observation and documentation of all use and distribution activities related to material information, improper actions can be noted and acted upon proactively, eliminating unexpected results during audits.
The solution delivers unparalleled knowledge and controls for unstructured material information. The data gathered and presented by the solution, and the additional controls provide businesses with improved audit and compliance postures, but more importantly, the solution greatly reduces the chance that material information will be improperly used or distributed.
Material Information Inventory
Companies can now know:
- What documents must be protected from abuse.
- What documents must be protected from unintentional distribution.
- What centralized repositories contain material documents.
- What distributed systems contain material documents.
- Who owns material documents.
Builds upon the data gathered during inventory and gathers more critical data to gain key insights into data repositories to expose:
- Who has access to what material documents.
- What groups are defined for each repository.
- Whether group membership is consistent across repositories.
- What groups have access to what material documents.
- What entitlements are set across every shared resource.
Activity Audit and Compliance Monitoring
By implementing activity audit and compliance monitoring, companies benefit from an understanding of what is happening to their material information, complementing their understanding of what can happen provided by inventory and entitlements audit. The company will know:
- When any material information is accessed.
- Who accesses specific information.
- Who modifies it.
- When information is distributed.
- Who distributed it.
- To whom was it distributed.
- What information is distributed.
Reporting for Compliance
Packages the reporting capabilities provided by the solution for specific regulatory compliance scenarios include:
- Gramm-Leach-Bliley (GLBA) Compliance.
- Sarbanes-Oxley (SOX) Compliance.
- International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR).
- NRC and Department of Energy Part 810.
- German BAFA and UK Export Control Act.
- NERC Critical Infrastructure Protection (CIP).
The solution can be easily configured to support other reporting requirements.