Sarbanes-Oxley Act (SOX) Compliance
The Sarbanes-Oxley Act (SOX) is a result of a large number of U.S. accounting scandals over a relatively short period of time, beginning with the collapse of Enron in October 2001. Companies are now estimated to spend an average of US$3 million each in their compliance efforts.
The most prominent area is known as Section 404, which mandates that management establish and report on their control structure and that management assertions be audited by an external firm at least annually.
So what exactly is a control structure? It is a system of checks and balances that ensure the accuracy and integrity of a company's financial data. In today's world, controls are primarily implemented within a company's IT infrastructure, so compliance with Section 404 means implementing a lot of information security processes and technologies.
The most common problems facing companies in their compliance efforts are:
- Defining the scope of the systems affected
- Access control and user management
- Maintaining compliance with configuration policies across all their systems
- Collecting and analyzing audit logs
Relying on guidance from the government and auditors, most companies have turned to COBIT (Control Objectives for Information and related Technologies) for help in implementing IT controls. COBIT lays out best practices for IT controls, but it is up to each company to determine which controls make sense for their organization. With our solutions and professional services, you can identify, implement and automate your most critical controls.
Our SOX Solutions
We offer a range of products that help organizations define, manage and report a consistent set of internal controls over their corporate data and systems.
- Our Security Manager brings together best-of-breed security point products into a central security console, enabling real-time notification and response to suspicious activity detected by remote security sensors. Our Security Manager can alert the institution to non-compliant firewall configurations or out-of-date virus signatures in addition to real-time intrusion alerts. Our Security Manager can also allow you to collect, easily review and query all of your audit logs.
- If a majority of your controls over financial reporting are implemented through your IT systems, then those systems must be up and running or employees will be forced to circumvent your regular control structure. The AppManager Suite provides you with the ability to monitor, troubleshoot, and address the performance and availability needs of your entire financial reporting infrastructure, and to track data for trending and capacity planning purposes.
- Both Secure Configuration Manager and Security Manager provide a rich delegation model for the audit and enforcement of security responsibilities. Our solution can manage Active Directory and Group Policy without granting administrator privileges to any employees.
- Sentinel Enterprise helps you prove compliance with SOX-friendly security and access policies through automated security monitoring and incident response management that formalizes the process of tracking, escalating and responding to policy violations.
- Identity Manager automates the management of user identity and access rights throughout their lifecycle. You can grant users role-based access to resources when their relationship with your organization begins, update access rights when their role changes, streamline password management and immediately remove access rights when the relationship ends.
- Access Manager makes sure only authorized users can access sensitive information inside or outside your firewall—with SSL VPN, identity federation, web single sign-on and more.
- Identity Governance enables you to run effective access certification campaigns and implement identity governance controls to meet your compliance mandates while proactively mitigating risk. The solution provides automatic reminders and progress updates, including decision support for approvers and issue escalation for administrators.
- SecureLogin enforces SOX-compliant security policies and restricts users' access to sensitive financial data on the network.
- Sentinel Log Manager comes with reports needed for common regulatory reporting such as SOX, PCI-DSS, HIPAA, and more. These predefined reports reduce the time you must spend on compliance.