Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
We live in Houston, and we were personally and professionally affected by the saga known as 'The Enron Scandal.' Unfortunately, Enron executives’ antics resulted in wide ramifications for many U.S. companies – most notably through the implementation of the federal mandate known as Sarbanes-Oxley, or SOX. Yes, it’s true that most publicly traded companies are honest and ethical, but we’ll also remind you that it only takes a handful of deceitful people to bring down an empire.
While the SOX mandate has been especially onerous, collectively costing businesses billions of dollars to meet the requirements, it is getting easier and less expensive for companies to comply. In the July 2006 Network World article "Happy Birthday, SOX", we learned that, after nearly five years, companies are narrowing the focus of their efforts and concentrating on areas where they are likely to face the most risk. If nothing else, SOX has forced companies to become much more attuned to the financial and operational risks that could strike their businesses, and that’s a good thing.
Of course, SOX isn’t the only legislation or industry standard that is driving process improvements in large organizations. HIPAA, GLBA, FISMA, ISO standards and other regulations dictate how businesses should operate.
There are quite a few software companies and service providers that are focused on helping enterprises identify and remediate their security, financial and operational risks by controlling IT processes and assets. In fact, it’s hard to find an enterprise software company that doesn’t have “compliance” as a key function. We’ve talked to a lot of these companies in the past year, and we’ve found a couple worth mentioning because of their unique approach to compliance.
Brabeion Software Corporation offers a broad-based compliance management software platform that is driven by a comprehensive risk knowledge base from PricewaterhouseCoopers. Since major audit firms can no longer provide consulting services like they once did, Brabeion built the consultation into its software solution.
The Brabeion Compliance Center has a built-in risk matrix which you can customize for your own environment. This matrix then guides you in your implementation procedures for all types of regulations, including those from ISO and those developed by your own company. You tie your assets to the compliance or regulatory controls you want to measure, and get an alert when something is out of compliance. The goal is to help an enterprise improve its controls and security.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.