Role of an auditing and reporting service in compliance management

Abstract

Regulatory compliance has become a major focus in today's business environment as companies adapt to comply with regulations such as Sarbanes-Oxley, Basel II, and HIPAA (the Health Insurance Portability and Accountability Act). Runtime audit data that records information such as operational logs represents a key element needed for compliance management. An audit service that manages the life cycle of audit data is thus a critical component of any compliance management system. This service should support mechanisms to submit, centrally collect, persistently store, and report on audit data, as well as enable the archiving and restoration of audit data. This paper describes an audit service technology that is included in some IBM products to enhance their auditing capabilities and explains how this audit service can be used to support a company's compliance strategy. Using scenarios as examples, we show how reports provided by one of the products that uses this audit service can be instrumental in demonstrating compliance.