IBM takes on U.S. regulatory compliance requirements

IBM Corp. is introducing Wednesday bundles of hardware, software and services for helping companies comply with U.S. federal regulations -- an announcement whose amplitude is eliciting both words of praise and caution from analysts.

The new IBM offerings address changes companies should make to their IT infrastructure and to their business processes in order to comply with regulations such as the corporate governance Sarbanes-Oxley Act, the anti-terrorism U.S. Patriot Act and the health care HIPAA (Health Insurance Portability and Accountability Act).

IBM proposes that companies focus not only on complying with individual requirements, but on retooling IT systems and business processes from a broader perspective, so that the companies will be in a better position to comply with current and future regulations in general.

The IBM bundles address issues which are common to regulatory compliance across industries, such as the ability to archive e-mail messages, document financial transactions, protect the confidentiality of certain records, and standardize, store, retrieve and deliver data.

IBM's broad-based approach to the issue of regulatory compliance merits highlighting, analysts said. Currently there are many vendors that offer individual solutions focused on specific regulations, but there is a lack of comprehensive, holistic solutions, they said.

"It shows IBM coming to the table with one of the most comprehensive sets of offerings to address this area," said Stan Lepeak, a Meta Group Inc. analyst. "Nothing really jumps out at you from the individual pieces (of the announcement) but IBM has put together a good bundle of offerings that complement one another."

Approaching this issue with a broad view is beneficial because it lets companies implement changes that not only help with regulatory compliance but also improve IT operations in general, said John Hagerty, an AMR Research Inc. analyst. "It's refreshing to see IBM taking a broad approach at compliance," he said. "The prudent buyers look at compliance as something they need to be in step legally with the regulator and secondly as something they can do to improve their overall business."

The challenge for users is to figure out what their regulatory-compliance situation is so that they have a clear idea of what they need before they approach IBM, Meta Group's Lepeak said. Approaching IBM in a state of confusion may be counterproductive as users may find themselves buying more products and services than they actually need, he said.

National Account Service Company LLC (NASCO), a company dedicated exclusively to processing health benefits for Blue Cross Blue Shield plans in the U.S., has hired IBM in a variety of capacities -- consultant, services and hardware and software provider -- since 2000 for work related to the company's ongoing process to become HIPAA-compliant.

IBM's ability to deliver high-quality products and services in a timely fashion and within budget has helped NASCO tremendously in its HIPAA efforts, said Tom Gurganus, NASCO's director of regulatory compliance. "We've been very pleased and satisfied with what IBM has done for us," he said.

Another company that relies on IBM to comply with federal regulations is Viewpointe Archive Services LLC, which provides check and document image archive and retrieval services for financial institutions. The company outsources to IBM its IT operations, which are carried out at IBM sites by IBM staffers on IBM systems, including the DB2 database, a variety of AIX-based servers and storage devices.

Viewpointe has over 30 billion check images stored, and serves up to two million of them every day to customers who query its database, while operating within strict regulatory confines. "We have to be compliant with the highest levels of government supervision," said Viewpointe Chief Executive Officer John G. Lettko.

Seeing IBM launch this broad initiative in the compliance area is good news for him. "IBM's focus on the larger picture is very helpful because it means there will be continued investment and support in the products and in the way they deliver them for us, which is very positive news," he said.

Some of the bundles IBM is announcing include:

-- IBM E-mail Archive and Records Management Service: A hosted service for financial services companies which automates the capture, archiving and retrieval of incoming, outbound and internal e-mail messages, instant messages and other documents.

-- IBM DB2 Content Manager for Data Retention Compliance: A combination of services, IBM DB2 database software and iLumin Software Services Inc. software to address data archiving, retention and retrieval requirements from the U.S. Securities and Exchange Commission (SEC) and the NASD (National Association of Securities Dealers.)

-- IBM Asset Disposition Data Disposal - Disk Wipe Services: Services for ensuring that sensitive information gets removed from hardware that becomes obsolete and is discarded.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon