PricewaterhouseCoopers' spin-off Brabeion Software this week upgraded its compliance management platform to provide customers with more than 6,000 control tests on ISO and other standards.

Brabeion, founded in 2005, commercialized a software platform developed at PricewaterhouseCoopers around 2000. The technology, dubbed Enterprise Security Architecture System (ESAS) at PricewaterhouseCoopers, was originally designed to let large companies create information security programs by unifying security efforts through policies and controls, rather that just technology, Brabeion executives say.

Brabeion spun two products from the technology, the IT Risk & Compliance Center (ITRCC) and IT Risk & Compliance Manager (ITRCM). The former product offers customers a control portal through which they can view enterprise-wide policies and compliance with standards such as the Health Insurance Portability and Accountability Act (HIPAA) and the  Sarbanes-Oxley Act, among others. And the latter provides customers with an automated means to rationalize their policies and controls against those required by regulatory or business standards.

Updated to Version 3.0 this week, ITRCM taps a library of content that details the controls IT managers are required to prove to Sarbox auditors, for instance, and it also includes comprehensive information on control frameworks such as COBIT (Control Objectives for Information and related Technology). The company added with this release the ability to define role-based dashboards that provide comprehensive metrics, track user policy acceptance and remediation efforts, among other things.

"Compliance is about more than technology. It requires people, processes and technology. We have integrated those three facets to provide unified policy management across large companies," says Steve Schlarman, chief compliance strategist at Brabeion, who previously served as a director in PricewaterhouseCoopers' Advisory Practice focusing on information security consulting and auditing. "Brabeion creates reference models based on control frameworks such as ISO and also provides reference modules for major regulations such as HIPAA."

The core policy software requires no client agent to be installed, sits on a Web server and includes a database server. The software uses APIs, or a universal agent, to collect compliance-related data from existing systems such as databases, assessment technologies and third-party software. The interface is Web-based and features role-based dashboards that can be used by various different staff members based on their access rights within the organization. For instance, security managers can log in to the product to see how assets are being protected and if the means of protection complies with regulatory standards.

Whitepapers

• Selecting Effective Virtual Directories
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users
• IT Departments on Data Security: A Research Concepts Survey
• Laptop Security Tool Helps Allina Hospitals Track 97% of IT Assets

View more SOFTWARE whitepapers

Webcasts

• Managing the End User Experience-A Real World Example of Success
• Lowering the Cost of Email Archives
• Google Webcast: Why archive email? Top challenges and best practices
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SOFTWARE webcasts

Special Reports

• Application Performance Management Executive Guide
• Executive Guide: Building a Service Oriented Architecture
• IT Buyers Guide To: Collaboration

View more SOFTWARE special reports