Updated Enterprise Security Management System Ensures Sarbanes-Oxley 404 Compliance

CARLSBAD, Calif. – Nov. 29, 2004 – Preventsys Inc., a pioneer in information security and policy compliance systems specifically for large organizations, today announced that it has updated the Policy and Regulatory Compliance module of the Preventsys Enterprise Security Management System to include new and updated compliance rules related to Sarbanes-Oxley (SOX) -- including section 404 of the Act, which mandates that internal controls be proven to protect the confidentiality, integrity and availability of financial, management and reporting technology systems.

“The Section 404 deadline of November 15, 2004 has come and gone, and it’s a safe bet that hundreds of top companies are still struggling to comply with Sarbanes-Oxley’s strict guidelines,” said Tom Rowley, chief executive officer of Preventsys. “With the new update to the Preventsys Enterprise Security Management System, we automate the compliance audit process across all IT systems, so there’s no need to guess what the state of compliance is for your company. Also, we added up to the minute compliance reports that can be generated with the push of a button. The Preventsys system can pinpoint and identify Section 404 trouble spots immediately.”

The Preventsys Policy & Regulatory Compliance system is an automated compliance management software solution that enables complex organizations to effectively measure compliance against requirements deemed necessary for financially significant IT systems in accordance with the Sarbanes-Oxley law and other policies and regulations. The Preventsys system enables repeatable and consistent auditing and reporting over time at both a macro level (global network, business units, financial systems, etc.) and at a micro level (per sub-network or per audit). Preventsys also enables large companies to have a complete record of computer and monitoring controls, and an effective, automated way to address non-compliance issues through its built-in workflow, issue assignment, and tracking capabilities.

Preventsys provides a single, modular enterprise solution that:

  • Reports compliance against auditor-established requirements on all financially significant systems, at any time during the audit period. Reports trends in compliance over time.

  • Provides comprehensive auditing across the myriad systems that affect the financial environment (e.g., licensing, order entry, manufacturing, G/L, treasury, etc.).

  • Enables auditing of both process and technical items by complementing programmable rules that translate SOX policy language into empirical technical checks, with manual audit tasks that address process and procedure related items (e.g., were the backup tapes sent off-site last week, did every member of the team read the latest policy update, etc.).

  • Tests the security controls of financially significant systems from a network level, OS level, and application level to ensure that network devices, machines, and software are configured correctly and operating as intended.

  • Provides frequent, automated, scheduled audits and reports as often as the security or compliance staff deems appropriate (for example, once a week or once a month).

  • Identifies and accounts for changes in technology and therefore potential changes in the control environment

  • Determines if new threats, penetration attempts, or vulnerabilities (such as worms and viruses) that have been discovered can potentially affect financially significant systems.

  • Identifies, assigns, tracks, and re-assesses the remediation actions taken to ensure that changes in the control environment are addressed and fixed.

Unlike Symantec’s Enterprise Security Manager, the Preventsys Enterprise Security Management System does not require host agents or the use of hard-coded policy templates and instead leverages existing security tools and infrastructure, offering comprehensive coverage at all layers of the network. Customers can employ frequent, repeatable and consistent reporting on compliance over time across their entire IT infrastructure, using the exact controls their auditors have certified. Through its built-in workflow, task assignment and tracking, the Preventsys system offers customers a powerful system to find, address and track out-of-compliance issues, as well as manage the entire information security lifecycle.

About Preventsys Inc.

Preventsys’ pioneering solutions are designed to help large, distributed enterprises integrate and automate the many tools and functions of information security. The company is headquartered in Carlsbad, Calif. and has regional offices across the U.S. More information can be found at http://www.preventsys.com or by calling 760-268-7800.

# # #

Copyright 2004 All rights reserved. All companies and products mentioned are trademarks and property of their respective owners.