SOX

Do you need to have SOX Compliance?

In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures.

To ensure that organisations provide greater assurance in their governance and control processes its coverage includes board responsibilities, auditor independence, corporate governance, financial disclosures and internal controls and the assurance around them. Huntsman Security technology supports SOX compliance by centralising and automating key steps in the cyber security process.

SOX 404 Compliance – Internal Controls

Section 404 of the standard details the requirements on internal controls and the way in which they are operated, audited or assured.

For many business implementation and compliance can be costly as traditional manual controls are difficult to document and test, hence there has been a significant investment in centralisation, automation and process/control assurance.  Although focused primarily on financial controls and systems, the requirements almost immediately overlap into the technical security-related areas of system monitoring, identity and access management and  fraud/misuse/anomaly detection.

There is also a linkage to the COSO-defined framework (http://www.coso.org) that defines the internal control processes and recognises the importance of top-down risk assessment and management.

Cyber Security requirements for SOX compliance

Businesses need to fully comply with security and risk monitoring requirements of SOX:  oversight, monitoring and reporting in a centralised way that enables alerting on defined risk patterns, anomalies (like fraudulent user activity) and providing real-time compliance information and simplified, automated reporting.

 

How to centralise and automate your SOX compliance processes 

The cost of SOX 404 compliance can be expensive.  Your business should find ways of centralising and automating your compliance process.  Find out out Huntsman SIEM & Security Analytics technology can help you.