International Design and Retail Group completes remediation of Sarbanes-Oxley security issues in record time


Published | January 2009

Remediation of security issues for Sarbanes-Oxley compliance was completed in record time for an international design and retail group.

A major American-headquartered global retail group with outlets in 48 countries approached Safestone for help in solving issues arising from a routine security compliance audit. The audit had identified several areas of access control that needed attention before the company would be Sarbanes-Oxley compliant.

With just one week to prepare a tailored solution plan, Safestone successfully implemented a complete DetectIT Security Manager suite for the client, including necessary tailoring of the software and user training. The whole solution was delivered many days ahead of normal schedules, achieving the client’s aggressive installation requirement.

Business background

The company specializes in premium lifestyle products in the fashion, home, accessories and fragrance markets, retailing both through high street and online stores. Large databases containing customer personal information are held on IBM System i servers across several countries.

Among the key provisions required by Sarbanes-Oxley is the implementation of controls to protect private customer information from unauthorized disclosure. Section 404 of Sarbanes-Oxley requires companies to document and assess their control environments.

Safestone’s US account manager for the retail group comments: “The company was specifically lacking adequate internal and external access controls; databases were at risk from external threats, and more importantly, internal controls were needed to protect against user experimentation.”

With a remediation deadline only 5 weeks away, the client requested a very quick turnround on installation and configuration of the compliance solution over several partitioned servers. “We were given about a week to prepare, then 3-4 weeks to install, analyze data and tailor a customized solution – which left us with no room for error,” says John. “It was a significant achievement to meet such a large requirement in a short period of time.”

Controlling network traffic

Safestone’s DetectIT Security Manager Suite is a completely flexible solution for compliance issues, with several options for unique customization. To match client needs, Safestone tailored the installation, configuration and training specifically to the remediation project.

Controlling exit point traffic was a crucial part of the remedy, so attention was focused on the Network Traffic Controller element of the DetectIT suite. Network Traffic Controller is a powerful module which allows the customization of how and when users access the System i via external remote connections such as FTP, ODBC, TELNET, etc.

The product was tailored to utilize customizable APIs to add more bespoke functionality to the exit point controls.

“Our solution has enabled this client to deal with its security and compliance issues to a much more granular level than ever before,” comments Safestone’s account manager. “The exceptionally short timescale in which we were able to achieve implementation demonstrates the complete flexibility of Safestone in supplying an effective and efficient consultant-driven solution.”
