New IBM Software Automates Business Compliance Requirements

"One-Stop Audit Center" software automatically compiles sensitive audit information

ARMONK, NY -- December 16, 2005 -- IBM today announced new software that automates the way banks, hospitals, and other organizations can audit and report on information -- from sensitive financial data to patient health care records -- as they deal with various compliance mandates.

IBM Tivoli Access Manager acts as an "all-in-one audit center" for customers. Normally, when companies are audited, they must endure the cumbersome process of checking who has access to each application -- such as e-mail systems, portal sites, or different internal HR or financial databases. For example, if an employee has access to five different applications, IT administrators must take the time to check each set of systems to gather data. The new version of Tivoli Access Manager automates that process by capturing the data in one centralized location and then generating automated compliance reports.

This helps companies avoid compliance violations by allowing a company's internal IT security team to control who has access to what application, which helps prevent employees from reaching confidential health records or from trying to read early quarterly financial information before it's publicly available. The centralized reporting capability enables compliance officers to quickly detect unauthorized access to resources and immediately remediate with Tivoli Identity Manager.

When combined with Tivoli Federated Identity Manager, these capabilities are extended outside of the company, enabling companies to centrally audit and report on business partner and third-party access to services. Tivoli Access Manager also provides full identity management for web-based businesses through IBM Tivoli Directory Server or almost any other repository that stores user names and passwords.

A recent AMR Research Alert indicates that the 2006 spending to meet the requirements of the federal compliance act will be $6 billion. Also according to AMR Research, technology is playing an increasingly significant role in the integration of Sarbanes-Oxley compliance initiatives into business processes. Throughout 2005, companies reported that they were refining existing business and IT controls in preparation for automation efforts using technology (see note 1).

"IBM access management software enables companies to cut through the clutter of compliance," said Stuart McIrvine, director of corporate security strategy, IBM. "With the new version of Tivoli Access Manager, organizations can automate the way they collect information for compliance reports, which will cut the time and cost it takes to meet regulatory mandates."

Tivoli Access Manager for e-business v.6.0 was released with full general availability today. IBM helps organizations better manage information technology (IT) resources, tasks and processes in order to meet ever-shifting business requirements and deliver flexible and responsive IT service management. Tivoli's portfolio spans software for security, storage, performance and availability, configuration and operations, and IT lifecycle management. The software enables companies to manage IT infrastructure more efficiently and effectively, ensure that IT infrastructure is compliant with business policies and regulations, and reduce complexity by leveraging best practices, process integration and automation across the entire infrastructure. For additional information, go to http://www.ibm.com/tivoli.

About IBM

IBM is the world's largest information technology company, with 80 years of leadership in helping businesses innovate. For more information about IBM, visit http://www.ibm.com.

- - -

Note 1: AMR Research Alert, "SOX Spending for 2006 To Exceed $6B," John Hagerty, November 29, 2005