Sarbanes-Oxley (SOX) IT Compliance

Making Sure Your Organization’s Data is in IT Compliance with SOX


What is the Sarbanes-Oxley (SOX) Act?

The Sarbanes-Oxley (SOX) Act was established as Federal law for all publicly held corporations within the United States and establishes extensive civil and criminal penalties (fines/prison time) for noncompliance. The SOX Act has made it mandatory for organizations to make sure that their confidential financial information is accurate and the systems generating the information are reliable. The main driver behind the establishment of SOX is to ensure that verifiable security controls are in place within organizations to protect against the disclosure of confidential financial data, as well as provide detailed insight and tracking of employees that have access to confidential financial data. This helps to detect data tampering, which may be a sign of fraudulent activity.

Do I need to comply with SOX?

Your organization MUST comply with SOX if it is:

  • Publicly traded

All publicly traded companies in the United States, including all wholly owned subsidiaries, and all publicly traded non-US companies doing business in the US are affected.

  • A private company, but is planning to offer an initial public offering (IPO)

Private companies that are preparing for their initial public offering (IPO) also need to comply with certain provisions of Sarbanes-Oxley.

How STEALTHbits Enables SOX Compliance

Deep Insight and Security Intelligence to IT Systems Under SOX Compliance

Combining user and server activity with baseline conformance and change detection capabilities, STEALTHbits' solutions provide clear visibility into the changes occurring across critical systems, applications, and data stores, and into whether those changes were authorized according to SOX policy definitions. This known state of SOX compliance can then be actively monitored and protected in real time to prevent unauthorized changes from occurring, providing a lifecycle approach to SOX compliance.

Real-Time Change Insight, Detection, and Reporting for SOX Compliance

STEALTHbits’ solutions deliver confidence to agencies and organizations by detecting any unauthorized or ad hoc change that circumvented established security policies and immediately alerting security and compliance custodians. With an audit trail that is secured and does not rely on native system logging, IT staff can provide step-by-step insight to auditors or assessors during the audit cycle and arm them with detailed reports demonstrating that changes made to their information systems can be detected, corrections verified, and anomalies found, explained, and accounted for.

STEALTHbits Solutions for the SOX Compliance Framework

Columns: Requirement | CobIT Control | Description | Report Mapping | Capability Mapping

Requirement: SOX Sections 302 and 404
COSO Components:
  • Risk assessment
  • Control activities
  • Information & Communication
CobIT Control: EDM01
Description: Analyze and articulate the requirements for the governance of enterprise IT, and put in place and maintain effective enabling structures, principles, processes and practices, with clarity of responsibilities and authority to achieve the enterprise’s mission, goals and objectives.
Report Mapping / Capability Mapping:
  • Access
  • Auditing
  • Governance
  • Data Access Governance

Requirement: SOX Sections 302 and 404
COSO Components:
  • Control activities
  • Information & Communication
CobIT Control: BAI09
Description: Manage IT assets through their life cycle to make sure that their use delivers value at optimal cost, they remain operational (fit for purpose), they are accounted for and physically protected, and those assets that are critical to support service capability are reliable and available. Manage software licenses to ensure that the optimal number are acquired, retained and deployed in relation to required business usage, and the software installed is in compliance with license agreements.
Report Mapping / Capability Mapping:
  • Access
  • Auditing
  • Governance
  • Data Access Governance
  • Sensitive Data Discovery
  • Data Classification
  • Change & Access Monitoring
  • File Activity Monitoring

Requirement: SOX Sections 302 and 404
COSO Components:
  • Control activities
  • Information & Communication
CobIT Control: BAI10
Description: Define and maintain descriptions and relationships between key resources and capabilities required to deliver IT-enabled services, including collecting configuration information, establishing baselines, verifying and auditing configuration information, and updating the configuration repository.
Report Mapping / Capability Mapping:
  • Access
  • Auditing
  • Governance
  • Data Access Governance
  • Change & Access Monitoring

Requirement: SOX Sections 302 and 404
COSO Components:
  • Control activities
  • Monitoring
  • Information & Communication
CobIT Control: DSS04
Description: Establish and maintain a plan to enable the business and IT to respond to incidents and disruptions in order to continue operation of critical business processes and required IT services and maintain availability of information at a level acceptable to the enterprise.
Report Mapping / Capability Mapping:
  • Access
  • Auditing
  • Governance
  • Data Access Governance
  • Change & Access Monitoring

Requirement: SOX Sections 302 and 404
COSO Components:
  • Control activities
  • Monitoring
CobIT Control: MEA02
Description: Define the actual scope by identifying the enterprise and IT goals for the environment under review, the set of IT processes and resources, and all the relevant auditable entities within the enterprise and external to the enterprise (e.g., service providers), if applicable.
Report Mapping / Capability Mapping:
  • Access
  • Auditing
  • Governance
  • Data Access Governance
  • Change & Access Monitoring
  • File Activity Monitoring

Requirement: SOX Sections 302 and 404
COSO Components:
  • Control activities
  • Monitoring
  • Information & Communication
CobIT Control: MEA03
Description: Monitor and report on non-compliance issues and, where necessary, investigate the root cause.
Report Mapping / Capability Mapping:
  • Access
  • Auditing
  • Governance
  • Data Access Governance
  • Sensitive Data Discovery
  • Data Classification
  • Change & Access Monitoring
  • File Activity Monitoring

Resources

STEALTHbits Technologies & SOX

Executive Brief


STEALTHbits 2018 Compliance and Framework Toolkit

Toolkit