Tools Ease Path to Compliance

IBM, Zantaz and ZipLip help IT obey the law.

With businesses facing a growing number of regulations surrounding the retention of and access to corporate data, myriad vendors are responding with software and services to help IT organizations comply.

IBM, Zantaz Inc. and ZipLip Inc. are each delivering technologies to aid companies in fulfilling the terms of such industry-specific directives as the emerging Basel II and more general Securities and Exchange Commission rules for the financial services industry, as well as more generalized laws, such as the Sarbanes-Oxley Act, which applies to all U.S. public companies.

IBM, of Armonk, N.Y., late last month introduced a medley of compliance bundles that include hardware, software and services and address such regulatory initiatives as the USA Patriot Act, Health Insurance Portability and Accountability Act, and Sarbanes-Oxley. Many are based on existing IBM technologies or those of IBM partners.

For example, one of the offerings, the IBM Anti-Money Laundering Service, is offered as a hosted service in conjunction with Searchspace Corp. It monitors and analyzes every transaction in an enterprises IT system and sends alerts when it discovers suspicious activity.

Separately, Zantaz this week will announce two new applications that run on top of its Digital Safe e-mail archiving software. The first, called Audit Center, enables a professional services organization to digest information in an archive. It provides a Web-based interface to create and run queries against data stores, as well as to design and deploy workflows that identify and flag relevant messages, according to officials at Zantaz, of Pleasanton, Calif.

Zantazs Digital Supervisor application facilitates compliance with regulations such as the National Association of Securities Dealers Inc.s rules on the use of inappropriate phrases in sales pitches by enabling compliance officers to scan for the phrases in e-mail messages as they are created. Additional capabilities let authorized users define a lexicon of words to be flagged, drill down into specific messages and create reports to show regulators.

Regulators and litigants are demanding access to corporate communications data because it has proved to be valuable in seeing how an organization works. In investigations as far back as the mid-1990s inquiry into Microsoft Corp.s treatment of competitor Netscape Communications Corp., e-mail has provided insight into what employees say to one another. Regulators "understand that [e-mail] is how business is done today," said David Greene, Zantazs director of market solutions, financial services.

For its part, ZipLip, of Mountain View, Calif., last week unveiled its Unified Archival platform, software that sits at enterprise e-mail gateways archiving e-mail messages to ensure that all messages are properly saved in compliance with regulations. The product can strip out attachments and offload them to a storage platform, including links to the attachments in the messages users receive to reduce e-mail server message volumes.

ZipLips platform enables privilege-based access with detailed audit trails and indexed searches.