October 29, 2003, 10:48 AM — IBM Corp. is introducing Wednesday bundles of hardware, software and services for helping companies comply with U.S. federal regulations -- an announcement whose amplitude is eliciting both words of praise and caution from analysts.
The new IBM offerings address changes companies should make to their IT infrastructure and to their business processes in order to comply with regulations such as the corporate governance Sarbanes-Oxley Act, the anti-terrorism U.S. Patriot Act and the health care HIPAA (Health Insurance Portability and Accountability Act).
IBM proposes that companies focus not only on complying with individual requirements, but on retooling IT systems and business processes from a broader perspective, so that the companies will be in a better position to comply with current and future regulations in general.
The IBM bundles address issues which are common to regulatory compliance across industries, such as the ability to archive e-mail messages, document financial transactions, protect the confidentiality of certain records, and standardize, store, retrieve and deliver data.
IBM's broad-based approach to the issue of regulatory compliance merits highlighting, analysts said. Currently there are many vendors that offer individual solutions focused on specific regulations, but there is a lack of comprehensive, holistic solutions, they said.
"It shows IBM coming to the table with one of the most comprehensive sets of offerings to address this area," said Stan Lepeak, a Meta Group Inc. analyst. "Nothing really jumps out at you from the individual pieces (of the announcement) but IBM has put together a good bundle of offerings that complement one another."
Approaching this issue with a broad view is beneficial because it lets companies implement changes that not only help with regulatory compliance but also improve IT operations in general, said John Hagerty, an AMR Research Inc. analyst. "It's refreshing to see IBM taking a broad approach at compliance," he said. "The prudent buyers look at compliance as something they need to be in step legally with the regulator and secondly as something they can do to improve their overall business."
The challenge for users is to figure out what their regulatory-compliance situation is so that they have a clear idea of what they need before they approach IBM, Meta Group's Lepeak said. Approaching IBM in a state of confusion may be counterproductive as users may find themselves buying more products and services than they actually need, he said.
National Account Service Company LLC (NASCO), a company dedicated exclusively to processing health benefits for Blue Cross Blue Shield plans in the U.S., has hired IBM in a variety of capacities -- consultant, services and hardware and software provider -- since 2000 for work related to the company's ongoing process to become HIPAA-compliant.