ComplianceCourier aims to help users meet regulations

Last time, I said that Burton Group’s Catalyst Conference taking place this week, is “the most energizing” conference devoted to identity management. But PingID’s Eric Norlin was quick to point out that I hadn’t, as yet, been to a Digital ID World conference he helps to organize.

While it’s true that something always seems to come up in late October that prevents me from getting to Denver, I have promised to make an appearance this fall.

The idea of “competing” (or, perhaps, complementary) identity management conferences would have been very alien just a few short years ago. Of last year’s 10th Catalyst show, I said that it demonstrated the “maturing” of the identity management space. This year I might say that it demonstrates the “filling out” of the space – the size of the conference has exploded geometrically. Maybe next year the Burton Group could take over the probably-not-going-to-be-used Comdex dates at the Las Vegas Convention Center.

One of the big announcements at the show (there are plenty of them – enough to keep this newsletter in new topics for many weeks to come) was from Courion, which is adding a “Courier” to its burgeoning portfolio of identity lifecycle services.

This addition is called ComplianceCourier and, as its name implies, it has everything to do with compliance to government regulations (such as HIPAA, the Food and Drug Administration’s 21 CFR Part 11, Sarbanes-Oxley, etc.) as well as to industry-wide standards and requirements.

While ComplianceCourier is designed to be a part of what seems to be an all-encompassing family of identity products, which includes AccountCourier, PasswordCourier, CertificateCourier and ProfileCourier, it also can be a stand-alone product. And, again like the other Courion products, ComplianceCourier highlights self-service use for the people who need it most.

The two biggest areas that ComplianceCourier handles are testing and attestation. Attestation, a requirement of many regulations, is the certifying by a responsible authority that a person has the correct access to resources. Under ComplianceCourier, managers periodically review the access rights of the users they manage and can either approve, modify or revoke a user’s access. The managers can’t escape the responsibility, either, since the user’s access can be suspended until the manager recertifies it.

The second major feature is the Policy Awareness Testing. Users either as part of their initial introduction to the network or periodically as a refresher can be tested on their knowledge of company policy. This practice is important from a regulatory point of view, so you can attest that the user knows the policy. Access to the network is denied until the users get a passing score, which can be set by the administrator.

Regulatory compliance is all the rage among identity professionals right now (at least that’s what people are talking about), so this product can help you look good in your organization. As a stand-alone product, which is fairly easy to set up, you use it as the “camel’s nose” to get a full-blown identity management suite of services into the corporate tent.