Sarbanes Oxley (SOX)
The Sarbanes-Oxley Act of 2002 (SOX) applies to public companies that operate in or outside the U.S. Its aim is to ensure that company executives and directors are accountable to the organization and that controls are in place for financial reporting. The worldwide regulatory environment is now complicated and rigorous. Within an IT department Section 302 and Section 404 of SOX requires stringent levels of identity, security and access management, to which failure to comply can result in hefty fines and legal action.
The Business Challenge
The most challenging aspects facing organizations tackling Sarbanes Oxley (SOX) compliance are:
- Identifying vulnerabilities across the system
- Providing adequate access control and managing users
- Maintaining compliance with configuration policies across multiple systems
- Collecting and analyzing audit logs with easy-to-read reports
Today, many auditing companies base their assessments on the generally accepted standard of COBIT which can demonstrate that good IT security and control practices within SOX guidelines are in place and working well within an organization.
The Safestone Solution
Safestone’s Security Manager is a modular and integrated approach that can help define, manage and report on security policy compliance enabling future audits to be passed simply, quickly and efficiently. This, the very latest in compliance and audit software, can remove the burden of documentation, reduce IT costs and streamline the complete reporting process for companies looking to pass or continue their SOX compliance audits, or to meet COBIT and ISO17799 standards.
The timely delivery of critical data and information to end-users is a fundamental concept of the business. With Risk & Compliance Monitor organizations can immediately identify SOX compliance vulnerabilities across System i and automatically run reports – which are required by SOX (Section 302) on a quarterly basis.
Ensuring that critical data sources held on the System i are treated confidentially is a key part of SOX compliance. Without adequate controls, unauthorized staff may gain access to sensitive information and use it to their advantage. Network Traffic Controller ensures that only the right personnel can actually access and use specific data.
The integrity of an organization’s data is at the forefront of SOX compliance. Adequate controls need to be implemented on the System i to maintain the reliability of corporate data and to provide assurance that the data is trustworthy. Security Audit & Detection puts controls in place and prevents data being manipulated and corrupted.
Multiple Systems Administrator allows you to centralize administration of networked System i servers and partitions through a single point of control. Deployment and administration costs are significantly reduced, while resources are optimized and consistency is assured.
Controlling the user lifecycle can significantly enhance security and User Profile Manager provides flexibility to easily manage profiles and passwords across System i. In addition the inability of a user to perform their IT functions because of profile or password issues is a situation that must be avoided. Password Self Help enables users to reset their own passwords without the need to call the Help Desk.