Sarbox Act or Sarbanes-Oxley Act (SOX)

What is SOX Compliance?

Sarbanes-Oxley is a US law passed in 2002 to strengthen corporate governance and restore investor confidence. The Act was sponsored by US Senator Paul Sarbanes and US Representative Michael Oxley.

The Sarbanes-Oxley law was passed in response to a number of major corporate and accounting scandals involving prominent companies in the United States. These scandals resulted in a loss of public trust in accounting and reporting practices.

The legislation is wide-ranging and establishes new or enhanced standards for all US public company Boards, Management, and public accounting firms. The Sarbanes-Oxley law contains 11 titles, or sections, ranging from additional Corporate Board responsibilities to criminal penalties. It requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law.

What is the significance of SOX compliance?

The 2002 Sarbanes-Oxley Act (SOX) is designed to protect investors by improving the accuracy and reliability of corporate disclosures made in accordance with securities laws. SOX standards must be followed or strict penalties for noncompliance can result. The federal government continues to refine SOX mandates, and in 2007, the U.S. Securities and Exchange Commission (SEC) approved a new auditing standard for internal controls. As a part of this new standard, the SEC and PCAOB are encouraging auditors to consider a risk-based approach in evaluating the internal controls over financial reporting of public companies.

This new standard requires going beyond monitoring security events from the network level. Now you should monitor and secure compliance-related data and applications throughout your enterprise by monitoring at both the application level and network activity level. Monitoring user activity is particularly important for maintaining separation of duties, and most important of all, for adopting a true policy-driven security program. These urgent needs can be met with a security information solution from DQS. With the right decision support strategy, you can:

  1. Continuously improve your security posture
  2. Track and prove your success in measurable risk reduction
  3. Put in place auditable internal controls that include logs, incident reports, alerts, and IDM systems, as well as application session information from across your entire organization on different platforms

Benefits of SOX Compliance

  1. Findings can be used when evaluating the current level of SOX compliance.
  2. It would reduce the costs associated with performing separate risk assessments as part of the organization’s information security strategy.
  3. It would bring information security related risks into the focus of the organization’s leadership because of its association with SOX compliance.
  4. It would lay the groundwork for developing a generalized compliance driven risk assessment model that could incorporate any set of regulations or specifications.
  5. It could be the first step in developing a risk management program for organizations that have to be SOX compliant.

Success with SOX

  1. Identify SOX-appropriate assets and activities
  2. Monitor privileged user activity to ensure accuracy of financial information
  3. Audit specific data access activity to demonstrate compliance with documented policies and procedures
  4. Capture full context for each event record, including the exact commands given to the data server, to facilitate forensic reconstruction of activity
  5. Generate audit reports

For Whom

Information Technology--investments in infrastructure, such as networks, system management and software

Business Controls--investments in enterprise resource planning (any software system designed to support and automate the business processes of medium and large businesses), supply chain management, customer relationship management, etc.

Company Policy and Management--management decisions regarding the centralization or decentralization of the business' processes; mapping management accountability into processes; and improvements to corporate governance

SOX Services

  • Security SOX Compliance: Control assessment and implementation, information and data security policy development, incident response staffing and planning.
  • Data Management Security SOX Compliance: Data classification, controls and safeguards, data security policy, response planning, legal notification threshold analysis
  • SOX Compliance: Sarbanes-Oxley, data confidentiality and privacy, and other regulatory compliance, including process and control analysis, documentation, testing, and remediation.
  • SOX compliance IT Audit: Corporate and regulatory compliance auditing, internal control systems, and risk management.

Contact us

Please feel free to contact us. We are looking forward to hearing from you!

Rajendra Khare
MD
DQS Certification India Private Limited

Mobile: +91-9810268573
Phone:  +91-11-27025910
e-mail: rkhare@dqsindia.com

Please note: Email would be the preferred mode of communication.
