Proactive Compliance

Mazda's European IT operations prepare for Japan's Sarbox regulations as part of a broader information protection strategy

Clement Laeremans, Manager, Information System Operations, Mazda Motor Logistics Europe

Clement Laeremans oversees IT for Mazda Motor Logistics Europe NV, but he keeps a close eye on his counterparts in Asia. And for good reason: Like many organizations that have operations in Japan, Mazda's remote IT departments must comply with J-SOX (the Japanese version of Sarbanes-Oxley) within a few months. "We absolutely have to be J-SOX compliant, and our users' systems have to play by the rules of J-SOX," says Laeremans, manager of the company's information system operations in Europe.

Mazda isn't alone. All Japanese businesses and their subsidiaries worldwide need to comply with J-SOX requirements for fiscal years beginning on or after April 1, 2008. Much like the Sarbanes-Oxley regulations in the United States, J-SOX calls for businesses to audit their financial, business, and technology operations, more closely. J-SOX also requires businesses to tighten their IT security and information protection efforts. "This is going to be a big challenge for hundreds-perhaps thousands-of companies that have ties to Japan," predicts Ed Golod, president of Revenue Accelerators Inc., a technology consulting firm in New York. "Sarbanes-Oxley was a major distraction here in the United States for many IT managers. Now, J-SOX will be a similar distraction."

While some businesses are struggling to jumpstart their drive towards J-SOX compliance, that's not the case at Mazda Motor Logistics Europe (MMLE). Indeed, corporate compliance is just one piece of the organization's broader information protection strategy. Leveraging several solutions from Symantec, MMLE has both fortified and simplified its data protection environment while saving 70,000 Euros (US$98,000).

That's no small feat. MMLE has a complex IT environment spanning an IBM mainframe environment running IBM DB2 database; a HP-UX server running Oracle database; and dozens of servers running Red Hat Enterprise Linux, Novell SUSE Linux Enterprise, Microsoft Windows, and VMware. If the data residing on these disparate server environments was compromised or somehow lost, Mazda Europe could face fines or other penalties related to J-SOX.

Still, ensuring corporate compliance isn't MMLE's only concern. As an enterprise serving 17 national sales companies, it must push beyond compliance regulations to ensure that its data is highly available for 24x7 business operations.

Email compliance

Increasingly, regulations like J-SOX and Sarbanes-Oxley require companies to protect both structured information (typically stored in databases) and unstructured data (like email systems).

In MMLE's case, email is a business-critical application that connects 250 internal users with more than 1,000 users in the 17 national sales companies. The system, based on Microsoft's Exchange Server, is a pipeline that can't afford to suffer information loss. To safeguard the system, the company leverages Symantec Enterprise Vault for archiving and e-discovery, including policy management. Enterprise Vault helped MMLE condense the size of its Exchange Server system by 45 percent.