ArcSight , Inc. announced the availability of ArcSight ESM Compliance Insight Package for J-SOX, a comprehensive solution framework that enables Japanese companies and their international subsidiaries and affiliates to address J-SOX - a corporate governance mandate created by Japan's Financial Services Agency.
The legislation has financial control compliance regulations comparable to those in sections 302 and 404 of the 2002 Sarbanes-Oxley Act. With the ESM Compliance Insight Package, ArcSight is providing global companies with the guidance, tools and processes necessary to proactively address and monitor J-SOX compliance controls, while supporting existing enterprise-wide IT governance and risk management initiatives.
ArcSight ESM Compliance Insight Package for J-SOX offers customers broader visibility and an in-depth understanding of security and IT events that could materially impact J-SOX compliance and other regulatory mandates. ArcSight has developed a holistic technology solution that facilitates J-SOX compliance mandates by collecting, analysing, reporting and managing activities across all compliance objectives.
As a result, customers are better equipped to understand the priority and context of every event, automate key monitoring and review controls, and effectively manage long-term compliance and risk management strategies.
"Increased compliance regulations have tasked global companies with the responsibility of closely monitoring and fully disclosing the context of all material financial and IT events," said Hugh Njemanze, CTO and Executive Vice President of Research and Development, ArcSight.
"ArcSight ESM Compliance Insight Package for J-SOX delivers a flexible platform for companies to comply through the collection and analysis of large data sets across a heterogeneous IT environment - thereby facilitating improved business integrity and confidence among corporate stakeholders."
The Financial Instruments and Exchange Law, the official name for J-SOX, is scheduled to go into effect for the fiscal year beginning on or after April 1, 2008. Nearly 4,000 publicly traded companies in Japan and their foreign subsidiaries will be affected by the legislation.
In order to comply with J-SOX, companies are expected to proactively assess the efficacy of any existing compliance and risk management policies in place. ArcSight ESM Compliance Insight Package for J-SOX was developed to facilitate those processes, and enable companies to transition beyond traditional "check the box" compliance initiatives to a more strategic, automated platform that enables them to mitigate risk and adequately address regulatory requirements.
"Companies that fall under J-SOX are at various stages of preparing to comply," said Kathleen Wilhide, research director for GRC and Business Performance Management Solutions, IDC. "Organisations should leverage learnings from SarbOx and get an early start to put in place a defensible compliance framework and strategies to automate controls monitoring and analysis."
By addressing critical scenarios in real-time, ArcSight's next-generation technology has proven to be an integral part of IT governance, risk management and fraud prevention strategies in addition to addressing long-term security requirements.
The release of ArcSight ESM Compliance Insight Package extends that value-proposition to J-SOX by helping companies mitigate and manage compliance violations, while empowering them to increase enterprise-wide IT efficiencies and reduce auditing cost through leveraging core functionalities in real-time,
*Identity and Role Correlation - Determine the significance of a
security or compliance event, identifying who it correlates to and what the person's role is in the organisation. In addition, it monitors violations of business processes or policy compliance, and tracks the actions of individuals with their business role, as well as monitoring key segregation of duties processes.
*Trend Reporting - Tracks and measures long-term activity to
identify changes in risks or threats, and to substantiate compliance over a defined period of time. It also improves reporting on historical data helping eliminate redundant data scans spanning long periods of time.
*Log Collection and Analysis - Automation of IT monitoring and
review controls evaluates risk and detects compliance violations, enabling customers to identify and remediate incidents before they significantly impact compliance.