
SARBANES-OXLEY (SOX) IT COMPLIANCE

MAKING SURE YOUR ORGANIZATION’S DATA IS IN IT COMPLIANCE WITH SOX



    WHAT IS THE SARBANES-OXLEY (SOX) ACT?

    The Sarbanes-Oxley (SOX) Act was established as Federal law for all publicly held corporations within the United States and establishes extensive civil and criminal penalties (fines/prison time) for noncompliance. The SOX Act has made it mandatory for organizations to make sure that their confidential financial information is accurate and the systems generating the information are reliable. The main driver behind the establishment of SOX is to ensure that verifiable security controls are in place within organizations to protect against the disclosure of confidential financial data, as well as provide detailed insight and tracking of employees that have access to confidential financial data. This helps to detect data tampering, which may be a sign of fraudulent activity.

    DO I NEED TO COMPLY WITH SOX?

    Your organization MUST comply with SOX if it is:

    • Publicly traded

    All publicly traded companies in the United States, including all wholly owned subsidiaries, and all publicly traded non-US companies doing business in the US are affected.

    • A private company that is planning an initial public offering (IPO)

    Private companies that are preparing for their initial public offering (IPO) also need to comply with certain provisions of Sarbanes-Oxley.

    How Stealthbits Enables SOX Compliance

    DEEP INSIGHT AND SECURITY INTELLIGENCE TO IT SYSTEMS UNDER SOX COMPLIANCE

    Combining user and server activity with baseline conformance and change detection capabilities, Stealthbits’ solutions give clear visibility into the changes occurring across critical systems, applications, and data stores, and into whether those changes were authorized according to SOX policy definitions. This known state of SOX compliance can then be actively monitored and protected in real time to prevent unauthorized changes from occurring, giving a lifecycle approach to SOX compliance.

    REAL-TIME CHANGE INSIGHT, DETECTION, AND REPORTING FOR SOX COMPLIANCE

    Stealthbits’ solutions deliver confidence to agencies and organizations by detecting any unauthorized or ad hoc change that circumvents established security policies and immediately alerting security and compliance custodians. With an audit trail that is secured and not reliant upon native system logging, IT staff can provide step-by-step insight to auditors or assessors during the audit cycle and arm them with detailed reports demonstrating that changes made to their information systems can be detected, corrections verified, and anomalies found, explained, and accounted for.

    Stealthbits SOLUTIONS FOR THE SOX COMPLIANCE FRAMEWORK

    Requirement: SOX Sections 302 and 404
    COSO Components:
    • Risk assessment
    • Control activities
    • Information & Communication
    COBIT Control: EDM01
    Description: Analyze and articulate the requirements for the governance of enterprise IT, and put in place and maintain effective enabling structures, principles, processes and practices, with clarity of responsibilities and authority to achieve the enterprise’s mission, goals and objectives.
    Report Mapping: Access; Auditing; Governance
    Capability Mapping: Data Access Governance

    Requirement: SOX Sections 302 and 404
    COSO Components:
    • Control activities
    • Information & Communication
    COBIT Control: BAI09
    Description: Manage IT assets through their life cycle to make sure that their use delivers value at optimal cost, they remain operational (fit for purpose), they are accounted for and physically protected, and those assets that are critical to support service capability are reliable and available. Manage software licenses to ensure that the optimal number are acquired, retained and deployed in relation to required business usage, and the software installed is in compliance with license agreements.
    Report Mapping: Access; Auditing; Governance
    Capability Mapping: Data Access Governance; Sensitive Data Discovery; Data Classification; Change & Access Monitoring; File Activity Monitoring

    Requirement: SOX Sections 302 and 404
    COSO Components:
    • Control activities
    • Information & Communication
    COBIT Control: BAI10
    Description: Define and maintain descriptions and relationships between key resources and capabilities required to deliver IT-enabled services, including collecting configuration information, establishing baselines, verifying and auditing configuration information, and updating the configuration repository.
    Report Mapping: Access; Auditing; Governance
    Capability Mapping: Data Access Governance; Change & Access Monitoring

    Requirement: SOX Sections 302 and 404
    COSO Components:
    • Control activities
    • Monitoring
    • Information & Communication
    COBIT Control: DSS04
    Description: Establish and maintain a plan to enable the business and IT to respond to incidents and disruptions in order to continue operation of critical business processes and required IT services and maintain availability of information at a level acceptable to the enterprise.
    Report Mapping: Access; Auditing; Governance
    Capability Mapping: Data Access Governance; Change & Access Monitoring

    Requirement: SOX Sections 302 and 404
    COSO Components:
    • Control activities
    • Monitoring
    COBIT Control: MEA02
    Description: Define the actual scope by identifying the enterprise and IT goals for the environment under review, the set of IT processes and resources, and all the relevant auditable entities within the enterprise and external to the enterprise (e.g., service providers), if applicable.
    Report Mapping: Access; Auditing; Governance
    Capability Mapping: Data Access Governance; Change & Access Monitoring; File Activity Monitoring

    Requirement: SOX Sections 302 and 404
    COSO Components:
    • Control activities
    • Monitoring
    • Information & Communication
    COBIT Control: MEA03
    Description: Monitor and report on non-compliance issues and, where necessary, investigate the root cause.
    Report Mapping: Access; Auditing; Governance
    Capability Mapping: Data Access Governance; Sensitive Data Discovery; Data Classification; Change & Access Monitoring; File Activity Monitoring

    © 2022 Stealthbits Technologies, Inc.