Important Questions
Here are some questions to ask when considering a software solution to help with compliance.
TNT Software Can Help
ELM is a family of centralized system monitoring, alerting, and reporting
solutions deployed worldwide by companies of all sizes.
The ELM family includes
four products, three of which are widely used for compliance requirements:
• ELM Log Manager
• ELM Event Log Monitor
What technology does the software use? An IT department
must have this information in order to evaluate the design of the software,
determine the infrastructure needed to support the software, and its cost.
ELM is a centralized system monitoring, alerting, and reporting solution that
runs on Windows systems. It has a four-part architecture that includes Agents,
an ELM Server, an ELM Console (UI), and access to a Windows SQL Server. The
Agents collect event log entries from Windows servers and transfer them to the
ELM Server, where they are stored in a database. Syslog messages and SNMP traps
are also received at the ELM Server and are processed similarly to Windows
events, making it possible to monitor non-Windows devices. Using ELM's
filtering at the Agent level and in the archive process, storage and bandwidth
requirements can be optimized.
Is software downloaded onto individual users’ PCs? For
most IT departments, software downloads are a red flag that signals a
compatibility and support nightmare. Web-based software accessed through a Web
browser minimizes this concern.
TNT Software recommends installing a small footprint Service Agent on the
monitored Servers. As an alternative, Virtual Agents are available for systems
where installation of a Service Agent is restricted. This flexibility provides
"firewall friendly" and low impact options for monitoring of servers in the
enterprise. Data collection at the workstation level is rarely required.
What are the software provider’s security procedures? Product
design should require that only authorized personnel have access to the
application and database. Software hosted outside the customer’s network and
delivered by an application service provider should have security features such
as encrypted data transmission and frequent backups.
ELM supports the Windows security strategies. To install the ELM Server or the
Service Agents, the administrator must be logged on with an account having
administrative rights for the target computers. All users connecting to the ELM
Server through the ELM Console must have DCOM Permission. ELM also supports
Windows Access Control List for object and item-level security, preventing
unauthorized configuration changes.
ELM includes several innovative security measures. Proprietary encryption is
applied on the communication paths, specifically from the Service Agents to the
ELM Server, to the ELM Console, and to the database. To ensure data reliability,
data is cached at the Agents if they cannot connect to the ELM Server and is
transferred automatically when communication is reestablished. Similarly, if
the ELM Server cannot transfer data to the SQL Server, a temporary fail-over
database is generated at the ELM Server. This data is transferred to the
database as soon as connectivity is reestablished. ELM provides unparalleled
security and reliability.
How many simultaneous users can the software support? The
software must support all the company’s employees in order to be useful for
compliance.
ELM supports enterprises with tens of thousands of end users. The limiting
factor for ELM is not the number of end users but the volume of data processed
at the ELM Server. Often the resources available to the ELM Server and
bandwidth bottlenecks restrict the quantity of servers ELM will monitor. To
optimize performance for large organizations, multiple ELM Server installations
are recommended. The multiple servers can store to the same database supporting
a resource distribution architecture.
Tests have confirmed that an ELM server can process 5 to 10 million events per
day.
What are the user access controls? Systems must control
what users are allowed to view and what users are allowed to do.
All users connecting to the ELM Server using the ELM Console are required to
have DCOM permission on the ELM Server. ELM also supports Windows Access
Control List for object and item-level Security.
Does the software have an efficient documentation process?
Control documentation requires the most resources. Software installations that
allow many users to document controls and testing while limiting review and
publishing authority to a smaller group of project leaders will make the
process more efficient.
ELM includes an innovative reporting engine complete with preconfigured
reports. Log-on/Log-off and Object Access reports are available and authorized
by ACL conditions. ELM can collect auditing activity report data from the
entire enterprise and restrict access to only project leaders.
Does the software address aspects of Sarbanes-Oxley other than
section 404? Section 302 requires that management certify its financial
results and internal controls. Software that maintains online disclosure
questionnaires for employees to complete and summarizes responses and comments
helps a company’s disclosure committee evaluate the entity’s financial
disclosures, and helps the CEO and CFO make accurate certifications.
While questionnaires are beyond the scope of ELM, ELM supports Section 302 with
a rich notification engine. ELM monitors event logs in real-time and processes
them through customizable filters. As a result, when Log-on password failures
and file access denied events are recorded in the Security Logs, ELM will
immediately notify IT Managers of the possible threats. Intrusion detection is
a critical component in certifying the accuracy and reliability of accounting
records.
What benefits does the software provide beyond Sarbanes-Oxley
compliance? Given the significant resources required to comply with the
act, companies are seeking ways to leverage their efforts and improve their
business. Applications that allow a company to standardize procedures, share
best practices, and document and communicate policies and procedures will
increase the company's return on the investment it makes in the software.
ELM Log Monitor was released in February 2002. It was launched long before
Sarbanes-Oxley was approved. It is a functional subset of the comprehensive
system management solution, ELM Enterprise Manager. ELM Log Monitor was
developed to support Security Administrators with real-time monitoring,
alerting, and reporting of log files, including all Windows event logs and
application log (flat) files. It extends across platforms by accepting Syslog
Messages and SNMP Traps from network devices. ELM will fortify the security
perimeter on any Windows network.
How does the software track changes? CPAs must look for
access to prior versions of all controls and for an audit trail with date- and
time-stamps for each user’s actions. Changes should be communicated
automatically to users who need to see them.
By collecting and filtering Security Event Logs in real-time, ELM Log Monitor
allows administrators to archive audit data for possible forensic evaluation
and filter the streaming data to alert IT Managers of suspect activities. These
event entries are complete with "who, what, where, and when" data. Concise
reports can be generated on a scheduled basis in order to evaluate trends and
threatening behavior. ELM Log Monitor is constantly watching authorized and
unauthorized access to critical accounting records.

