Sarbanes Oxley
The Sarbanes-Oxley Act of 2002 requires publicly traded companies to implement internal controls over their financial
reporting and over the operations and assets that feed it. Management must document and assess those controls, and the
assessment is filed with the SEC as part of the company's periodic reports. The act also requires regular disclosure of
material weaknesses in the controls and of fraud or losses that may affect the company's financial position. Because most
companies' financial reporting and operations depend heavily on information technology, and because many corporate assets
now exist in the form of critical data, SOX has significant information security implications for the companies it governs.
SOX Requirements
Within the act itself, attention is focused on Sections 302 (Disclosure) and 404 (Internal Controls). These sections are
designed to ensure that information which must be disclosed is properly generated, processed, recorded and reported, and
that management has assessed the effectiveness of the internal controls on which the reliability of financial reporting
depends. Complying with Sections 302 and 404 requires considerable organization and focus.
302
Requires the CEO and CFO to personally certify each periodic financial report. To sign off responsibly they must understand
how financial information is generated and processed in their organization and which controls protect it.
404
Requires management to establish, maintain and annually assess the internal controls that ensure financial reports are
accurately prepared. The intent is that internal records cannot be manipulated undetected: if data is changed, the change
must be tracked and attributable to a person, a time and a source.
Below are three key control areas that compliance with the act implies for hosted financial systems:
Security & Vulnerability Testing
- Patching; both host- and network-based intrusion detection systems; a dedicated firewall; VPN for remote access; strong
passwords; regular security assessment scans.
Data Integrity
- Tracking of access to and changes of data: who made the change, what was changed, when, and from which IP address.
- Archiving of backups.
- Archiving of email.
Protect stored data
- No shared components in the hardware configuration: dedicated hardware rather than infrastructure shared with other
tenants.
- Encryption of backups.
- Physical security of the hardware and the stored data, which is no less important than the host and network controls above.
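The Data Integrity requirement above asks that every change to financial data be tracked with who, what and source IP, and Section 404 asks that manipulation not go undetected. An audit trail that an attacker with database access can silently edit does not meet that bar. The following is an added example (not INetU's code and not part of the original page) of a tamper-evident audit log: each entry records user, source IP, record and field changed, old and new value and timestamp, and carries a SHA-256 hash that chains to the previous entry, so editing, deleting or reordering any entry breaks verification. The table name, users, IP addresses and values are constructed sample data.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry


class AuditLog:
    """Append-only, hash-chained record of data changes (who, what, when, from where)."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        # Hash every field except the hash itself, with canonical JSON so the
        # digest is independent of key order.
        body = {k: v for k, v in entry.items() if k != "hash"}
        data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(data).hexdigest()

    def record(self, user, source_ip, table, record_id, field, old, new, when=None):
        """Append one change and return its hash. `when` is injectable for tests."""
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries),
            "ts": (when or datetime.now(timezone.utc)).isoformat(),
            "user": user,
            "ip": source_ip,
            "table": table,
            "record_id": record_id,
            "field": field,
            "old": old,
            "new": new,
            "prev_hash": prev_hash,
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """Return (True, None) if the chain is intact, else (False, seq_of_first_bad_entry).

        Catches edited fields (digest mismatch), deleted or inserted entries
        (sequence gap or prev_hash mismatch) and reordering.
        """
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_hash"] != prev or self._digest(e) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None

    def changes_by(self, user=None, source_ip=None):
        """Filter entries by actor and/or origin, the question an auditor actually asks."""
        return [
            e for e in self.entries
            if (user is None or e["user"] == user)
            and (source_ip is None or e["ip"] == source_ip)
        ]


def build_sample_log():
    """Constructed sample data: three changes to a hypothetical general-ledger table."""
    log = AuditLog()
    t0 = datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc)
    log.record("jdoe", "10.0.4.21", "gl_entries", 1001, "amount", "1500.00", "1550.00", when=t0)
    log.record("asmith", "10.0.4.37", "gl_entries", 1002, "account", "4010", "4020", when=t0.replace(minute=45))
    log.record("jdoe", "10.0.4.21", "gl_entries", 1001, "approved", "false", "true", when=t0.replace(hour=10))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact chain:", log.verify())
    log.entries[1]["new"] = "9999"          # someone edits the trail after the fact
    print("after tampering:", log.verify())  # points at the first corrupted entry
    print("changes by jdoe:", len(log.changes_by(user="jdoe")))
```

Write the log to storage the application's database account cannot modify (a separate log host, or archived with the backups the page calls for) and periodically re-run verify(); the chain detects alteration, but only a copy held outside the attacker's reach lets you prove what the original said.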
Implementation
Because compliance is mandatory for the companies the act covers, it is important to consider how these policies are
developed and implemented. INetU's hosting consultants can help with the implementation and maintenance of these policies to
meet the requirements of the Sarbanes-Oxley Act.