Okay, so you made it through your audit of internal controls for your information technology last year. But can you do it over and over again? If the answer to that question is 'no' or 'not sure,' then SecureInfo Corp., a maker of information security and compliance solutions since 1992, may have a product for you. As it attempts to break into the corporate marketplace, the San Antonio-based company, with a customer list that includes the U.S. Air Force and the Department of Homeland Security, is releasing a commercial version of its flagship business IT security application, ComplianceAuthority 3.5, for repeatable data security and compliance self-assessment oversight. The product helps companies understand their requirements under the Sarbanes-Oxley Act, HIPAA and other regulations and maps those obligations to industry standards of practice.

The latest version makes it easy for a CFO or other executive to oversee the compliance efforts of a company's IT department and assess where the company stands in meeting various requirements. The Web-based system offers a series of questionnaires that are used to assess a company's compliance needs. The system draws on a deep regulatory library and returns a report showing where a company's systems satisfy or fail requirements, along with recommended fixes. "This allows a CFO to see how the company is doing on information security as part of an overall audit," says Steve Kiser, CEO at SecureInfo. "We cover organizational structure, physical security and informational security and make sure a company understands what it needs [to do] across multiple organizations." ComplianceAuthority 3.5 is based on the COSO and COBIT frameworks.

Among its features, the system can assess where a company stands against industry security standards. Drill-down capabilities let executives pinpoint IT security weaknesses based on a company's existing workflow plans. ComplianceAuthority 3.5 also contains a tool for determining information security risks at organizations acquired through merger and acquisition transactions. Merrill Lynch & Co. and Hewlett-Packard Co. are among the latest companies to have tested ComplianceAuthority 3.5 and now use it in their deployments.
