Sarbanes-Oxley Act (SOX) Compliance


The Sarbanes-Oxley Act (SOX) is the result of a large number of U.S. accounting scandals over a relatively short period of time, beginning with the collapse of Enron in October 2001. Companies are now estimated to spend an average of $3 million each on their compliance efforts.

The most prominent area is known as Section 404, which mandates that management establish and report on their control structure and that management assertions be audited by an external firm at least annually.

So what exactly is a control structure? It is a system of checks and balances that ensure the accuracy and integrity of a company's financial data. In today's world, controls are primarily implemented within a company's IT infrastructure, so compliance with Section 404 means implementing a lot of information security processes and technologies.

Business Problem

The most common problems facing companies in their compliance efforts are:

  • Defining the scope of the systems affected
  • Access control and user management
  • Maintaining compliance with configuration policies across all their systems
  • Collecting and analyzing audit logs

Relying on guidance from the government and auditors, most companies have turned to COBIT (Control Objectives for Information and related Technologies) for help in implementing IT controls. COBIT lays out best practices for IT controls, but it is up to each company to determine which controls make sense for their organization. With NetIQ solutions and professional services, you can identify, implement and automate your most critical controls.

Our SOX Solutions

NetIQ offers a range of products that help organizations define, manage and report a consistent set of internal controls over their corporate data and systems.

  • NetIQ Security Manager brings together best-of-breed security point products into a central security console, enabling real-time notification and response to suspicious activity detected by remote security sensors. NetIQ Security Manager can alert the institution to non-compliant firewall configurations or out-of-date virus signatures in addition to real-time intrusion alerts. NetIQ Security Manager can also allow you to collect, easily review and query all of your audit logs.
  • If a majority of your controls over financial reporting are implemented through your IT systems, then those systems must be up and running or employees will be forced to circumvent your regular control structure. The NetIQ AppManager Suite lets you monitor, troubleshoot, and address the performance and availability needs of your entire financial reporting infrastructure, and track data for trending and capacity planning purposes.
  • Both NetIQ Secure Configuration Manager and NetIQ Security Manager provide a rich delegation model for the audit and enforcement of security responsibilities. The NetIQ solution can manage Active Directory and Group Policy without granting administrator privileges to any employees.
  • NetIQ Sentinel helps you prove compliance with SOX-friendly security and access policies through automated security monitoring and incident response management that formalizes the process of tracking, escalating and responding to policy violations.
  • Identity Manager automates the management of user identity and access rights throughout their lifecycle. You can grant users role-based access to resources when their relationship with your organization begins, update access rights when their role changes, streamline password management and immediately remove access rights when the relationship ends.
  • NetIQ Access Manager makes sure only authorized users can access sensitive information inside or outside your firewall—with SSL VPN, identity federation, web single sign-on and more.
  • Access Governance Suite is a powerful package of products that improves risk management by aligning business processes with the IT policies that implement them. The suite includes Lifecycle Manager to deploy effective roles-based access control and simplify compliance, and Certification Manager to automate the monitoring, reporting, certification and remediation of user entitlements.
  • SecureLogin enforces SOX-compliant security policies and restricts users' access to sensitive financial data on the network.
  • Sentinel Log Manager comes with reports needed for common regulatory reporting such as SOX, PCI-DSS, HIPAA, and more. These predefined reports reduce the time you must spend on compliance.
