Regulatory compliance was a really hot issue last year. So hot, in fact, that compliance budgets were being approved with only one thought – get it done and get it done now. Deadlines had to be met, and corporate officers who were facing shareholder rebuke or potential grand jury inquiries weren’t going to quibble over a few dollars here or there.

But now that you have some sort of compliance reporting mechanism in place it’s time to look at two things – more automation and lower cost. Last week I mentioned that RSA’s Toffer Winslow was predicting “many organizations will seek new ways to drive costs out of their overall compliance program.” I agreed and it looks like vendors are taking up the challenge.

Relative new-kid-on-the-block Aveksa (it only launched in June 2006), whose motto is “where security meets compliance,” likes to talk about achieving “sustainable” compliance and sees itself as being the first inhabitant of a new niche in the market – Automated Security Compliance Management. It recently released Version 1.5 of its Compliance Manager product which improves and enhances the original release. I was impressed by that first release, not so much for what it actually did but for the potential it had. This new release realizes some of that potential. Among the new and improved features:

* Enhanced review and certification workflow - The entitlement review process can be easily automated creating customizable workflows for business users to review and certify user entitlements and roles on a regular basis. It supports data transformation to ensure that the reviews are easy to understand for business users and tailored to the needs of the business. The integrated workflow supports security policies and compliance control objectives that mandate scheduled certifications and regular testing to ensure appropriate entitlement and role assignments. The closed loop process ensures accountability. Using Aveksa Compliance Manager, the IT Security and Compliance team can provide the certification evidence needed by compliance auditors and minimize risk by ensuring that access rights decisions are reviewed regularly by the appropriate managers and appropriate changes made.

* Expanded dashboard capability - a roles-based dashboard that provides a simple and effective way for IT security and business users to track status and any issues within their area of responsibility, including additional information about the state of entitlement reviews.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.