Many organizations have to comply with multiple regulatory requirements for their information security infrastructures. Fragmented efforts to comply with Sarbanes-Oxley (SarbOx or SOX), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the ISO 27000 series, to name a few, can result in costly duplication of effort or, worse, security holes caused by the confusion of so many people tackling similar or identical problems.
Although many commercial tools are available to unify compliance efforts and to audit them, they come with a price tag that is too high for many small to medium-sized businesses.
As with so many problems, large and small, an open source alternative exists. The Security Officers Management and Analysis Project[1] hosts a suite of tools, including the Risk Methodology[2], the Risk Model[3], and the Risk Framework and Tool[4], designed to help organizations meet compliance needs without duplicating effort. The Risk Framework and Tool (ORICO) offers a web client for enterprise use and a desktop client for smaller organizations.
Before making a huge expenditure on a commercial tool, or throwing up your hands because you can't afford to consolidate compliance (what a horrible catch-22: you can't afford to reduce cost!), give SOMAP.org's tools a try.
If it doesn't have a feature you need, join the project and make it a reality.
[1] http://www.somap.org/default.html
[2] http://www.somap.org/methodology/default.html
[3] http://www.somap.org/orimor/default.html
[4] http://www.somap.org/orico/default.html