A slew of new legislations and standards have emerged in the aftermath of the Enron, WorldCom and other debacles as governments impose measures designed to prevent future collapses. Those with the most far-reaching consequences include the following :
For the IT departments of numerous corporations, the most onerous of all the new regulations is the Sarbanes-Oxley Act of 2002 (SOX). This comprehensive legislation was designed by the Securities and Exchange Commission (SEC) to protect shareholders and the general public from a company’s accounting errors and fraudulent practices. A major outgrowth of SOX’s mandate to improve corporate transparency and accountability has been far-reaching directives requiring a new level of information system documentation and much more stringent security and access control.
In fact, SOX laws allow corporations – as well as their owners and managers — to be held liable for the unauthorized disclosure of private information – even inadvertent. As such, businesses now recognize the risk associated network security breaches and are earmarking budgets for investment in security projects involving access control, authentication, and preservation of audit information.
The execution of these projects is falling on the shoulders of the IT department, who must find and implement cost effective solutions for SOX compliance – while continuing with all ongoing activities.
Much of the literature regarding IT compliance with SOX, Basel II, ITIL and other regulations has concentrated on attaining reliability, replicability and auditability of data. However, the security, control and documentation of the network’s underlying infrastructure, or the physical layer, are of equal concern to the regulations, with breeches carrying equal importance.
The Standard Operating Procedures (SOPs) required mandate new approaches to the management of network changes and configuration, and the integration and centralization of access control. Comprehensive documentation is required to perform correlated audits regarding who had access to information at what time, together with when and why access models were changed.
Within the FDA guidelines, for instance, it is clearly stated that SOPs should be established for, but not limited to:
All these procedures have to be planned, implemented and audited– and each of the separate stages also has to be documented. The vast documentation implied by these directives begins at the time of network and procedural planning, and continues through implementation and operation.
Clear, accessible documentation must provide an accurate picture of the network’s entire physical layer, including a description of all computerized systems and the relationship of hardware, software, and the physical environment.
In addition, a clear audit trail must be provided regarding all provisions, MACs (Move, Add or Change), maintenance work orders, and upgrade. With a policy of positive control, the IT staff must be able to positively guarantee that no unauthorized equipment is connected to the network, and that no information can possibly leak out of the organization.
Intelligent Infrastructure Management Solution: automating compliance at the physical layer. Although originally designed over a decade ago before these legislations came into existence, the Intelligent Infrastructure Management Solution offers IT and infrastructure managers the ability to take control of their entire wired network infrastructure, automatically monitoring all mission critical connections and networked devices throughout all Enterprise premises and locations for connection, provisioning, maintenance and connection-based security.
The ability of the system to document all activities translates into a huge time-saver for overworked Network personnel who are busy enough planning and implementing, even with the assistance of the system, to leave time to adequately document all the network activity.
Intelligent Infrastructure Management Solution offers the following key benefits to assist in compliance with legislation:
PV4E’s unique end-to-end system tracks network connectivity from the Terminal Equipment (PC’s, telephones, IP phone, printers, etc.) through the Physical Connectivity Component (patch panels and cables) to the Network Equipment (LAN switches, PBXs, Hubs, etc.).
Each task is assigned to a technician and a completion date for the task is determined. Technicians take ownership and perform their assigned tasks. Once tasks are completed the database is automatically updated, eliminating the need for manual data entry. From Work Order initiation to Work Order completion, the status of a Work Order or of an assigned task can be monitored.
P-LET discovers all active devices on the network and maps them with their location and link information. Information about the Station is collected during the discovery process, which includes the IP address, MAC address, Host Name and Service type. All this information is then entered into the database automatically and is available to the network administrator in a graphical representation.
We have presented here only some of the benefits Intelligent Infrastructure Management Solution can bring to an organization. The complete visibility into the physical connectivity of the network provides useful information to various parts of the company. As well as assisting in legislation compliance efforts, Intelligent Infrastructure Management Solution can also be of use in privacy compliance – where particularly sensitive VLANs can be restricted also by physical location (e.g. HR departments, finance departments) thus ensuring that as “secure links” they will alert to any threatened disconnection – authorized or unauthorized.
For Help desks and IT support with tough SLA demands the software offers the ability to track the time taken to carry out MACs and thus help in charging back to internal departments or alternatively as a means to supervise outsource suppliers.
Remote management of branch offices can be achieved by means of the web-based management software thus ensuring the same strict standards of reporting and compliance are adhered to in all parts of the organization.
Intelligent Infrastructure Management Solution offers the ability to automatically manage the network infrastructure at the physical layer and ensure not only legislative compliance but overall efficient network utilization and connectivity control.