While executives and CIOs were patrolling outside the firewall looking for
threats to corporate security and data integrity, they allowed their attention to drift away from what was going on directly in front of them -- accounting scandals,
corporate espionage, employee malfeasance and regulatory abuse. No more.
Security experts have turned their spyglass inward in hopes of healing the
wounded credibility of corporations.
As a result, new technologies are evolving to help companies apply and
enforce policies regarding communications and data management -- two areas of
extreme vulnerability. Monitoring e-mail and applying strict permissions
rights to documents may not play well at the water cooler, but a lot is at
stake. The question is, can technology really help companies put their
ethical houses in order?
Policy Crackdown
"If you just had technology sitting out there by itself, you wouldn't have a
lot of risk," Kimber Spradlin, product manager at NetIQ, told NewsFactor.
"[The industry] has done a lot to address the technology risks, but we
haven't done nearly as much to address the people risks."
VigilEnt Policy Center from NetIQ is a Web-based application that automates
the processes around the human element of corporate policy implementation.
Its functionality encompasses policy development and distribution, employee
training, and even compliance testing. "This product is about being able to
go to the CIO and look him in the eye and say I know employees have read and
understood the security policies," Spradlin said.
In addition to security policies, however, VigilEnt Policy Center can be
applied to human-resources policies, such as sexual harassment, drug use and
other ethical minefields. The software enables an administrator to ensure that an
employee has received and read the policy and to collect a digital signature
that replaces the old process of getting new employees to sign the back of
the company handbook.
"There have been a lot more lawsuits recently around wrongful
termination -- people being fired for violating company policy," Spradlin said.
The employees who win their cases usually argue that they were unaware the
policy existed, she said.
Test Cases
VigilEnt's quizzing capabilities for testing employee knowledge of policies
are in use in the healthcare and financial services industries where such laws
as the new Health Insurance Portability and Accountability Act (HIPAA)
have severely restricted how employees handle confidential customer
information, Spradlin said.
The software also has a policy-violation reporting feature -- an online Web
form -- that allows employees to anonymously report legal and company policy
violations. Some companies are using the form to satisfy a part of the
Sarbanes-Oxley Act that requires companies to provide a means for employees
to report any accounting irregularities they observe, Spradlin said.