SOX Compliance: Requirements and Checklist

Organizations that offer stocks or securities must maintain good financial practices and maintain data security standards. The higher the financial stakes, the higher the risk of being targeted for data theft and the greater the consequences of a successful attack.

The Sarbanes-Oxley Act of 2002 (SOX) was originally enacted to combat unethical corporate and financial practices, notably those exposed by the Enron and WorldCom scandals. These scandals caused billions of dollars in losses for investors and eroded public confidence in the US stock market.

A significant part of SOX compliance work relates to information technology and security practices, because the internal controls over financial reporting that the Act requires depend on the systems that store and process financial data. Because SOX is mandatory for all US-listed public companies, it had the positive side-effect of encouraging robust information security practices.

Read on to learn more about SOX, how you can comply with it, and see a checklist
to help you keep track of your compliance requirements.

In this page:
What is SOX compliance?
Primary SOX compliance requirements for IT organizations
SOX compliance audits
SOX compliance checklist
SOX compliance with the Exabeam Security Management Platform

What Is SOX Compliance?

The Sarbanes-Oxley (SOX) Act of 2002 is a regulation affecting US businesses. It was enacted by Congress in response to several financial scandals that highlighted the need for closer control over corporate financial reporting practices.

Goals: SOX aimed to increase transparency in corporate and financial governance, and create checks and balances that would prevent individuals within a company from acting unethically or illegally.

Applies to: The regulation applies to all public companies based in the USA, international companies that have registered stocks or securities with the SEC, as well as accounting or auditing firms that provide services to such companies.

Penalties: Non-compliance with SOX can lead to millions of dollars in fines or criminal conviction.

Benefits: SOX compliance is not just a regulatory requirement, it is also good business practice because it encourages robust information security measures and can prevent data theft.


Primary SOX Compliance Requirements

The following SOX compliance requirements are directly applicable to IT organizations within companies that are subject to SOX regulations, and will affect your information security strategy:

Section 302—Corporate Responsibility for Financial Reports—public companies need to file reports of their financial situation with the Securities and Exchange Commission (SEC). SOX specifies that the CEO and CFO of the reporting organization must sign each report and be held personally accountable for its contents. CEOs and CFOs must attest that each report is truthful and does not omit essential information, that they have put controls in place to ensure this is the case, and that they evaluated the effectiveness of these controls within the 90 days before submitting the report.
Section 404—Management Assessment of Internal Controls—SOX makes corporate management responsible for putting in place an internal control structure that is "adequate". Both management and external auditors need to assess and report on the adequacy of the control structure and report any shortcomings.
Section 409—Real Time Issuer Disclosures—if there is a significant change to a company's financial situation or ability to operate, company officials are responsible for informing their investors and the general public in a timely manner.
Section 802—Criminal Penalties for Altering Documents—company officials or others who alter, conceal, cover up or falsify a financial document or other record in a way that can affect the SEC's administration or a federal investigation are subject to fines or imprisonment of up to 20 years.
Section 906—Corporate Responsibility for Financial Reports—company officials who submit misleading or false financial reports can be subject to fines of up to $5 million and imprisonment of up to 20 years.

SOX Compliance Audits

A SOX compliance audit is commonly performed according to an IT compliance framework such as COBIT. The most extensive part of a SOX audit is conducted under Section 404, and involves the investigation of four elements of your IT environment:


Access—physical and electronic measures that prevent unauthorized access to sensitive information. This includes securing servers and data centers, and authentication measures like passwords and lockout screens.
Security—staff, practices and tools deployed to prevent security breaches on devices and networks that are used for financial data.
Change management—how the organization defines new user accounts, performs software updates, and maintains audit trails of any change to software or configuration.
Backup—how the organization ensures any sensitive data that is lost can be restored, including data stored off company premises.


SOX Compliance Checklist

The following checklist will help you formalize the process of achieving SOX compliance in your organization. Each item pairs a goal with the practical steps that achieve it.

1. Prevent data tampering: Implement systems that track logins and detect suspicious login attempts to systems used for financial data.

2. Record timelines for key activities: Implement systems that apply timestamps to all financial or other data relevant to SOX provisions. Store such data at a remote, secure location, encrypt it, and protect its integrity so that any tampering can be detected (encryption alone protects confidentiality, not integrity).

3. Build verifiable controls to track access: Implement systems that can receive data from practically any organizational source, including files, FTP and databases, and track who accessed or modified the data.

4. Test, verify and disclose safeguards to auditors: Implement systems that report daily to selected officials in the organization that all SOX control measures are working properly. Systems should give auditors read-only access, enforced through permissions, so they can view reports and data without making any changes.

5. Report on the effectiveness of safeguards: Implement systems that generate reports on data that has streamed through the system, critical messages and alerts, and security incidents that occurred and how they were handled.

6. Detect security breaches: Implement security systems that can analyze data, identify signs of a security breach and generate meaningful alerts, automatically updating an incident management system.

7. Disclose security breaches and failures of security controls to auditors: Implement systems that log security breaches and allow security staff to record their resolution of each incident. Enable auditors to view reports showing which security incidents occurred, which were successfully mitigated and which were not.

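The following is an added example, not code from the Exabeam page or product, showing the technical core of checklist items 1 to 3 in one small pipeline: login and modification events for a system holding financial data are parsed from a constructed log, a brute-force pattern (repeated failures from one source followed by a success) is flagged, and every access, modification and alert is written to a timestamped audit trail whose records are chained with an HMAC, so an auditor can verify that nothing was edited, deleted or reordered without being able to alter the trail. The log format, field names, host name and key are assumptions made for the demonstration.

```python
"""Added example (not from the Exabeam page): suspicious-login detection plus a
timestamped, HMAC-chained audit trail for SOX checklist items 1 to 3."""
import hashlib
import hmac
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log. Assumed format: "<ISO timestamp> <host> <action> k=v ...".
SAMPLE_LOG = """\
2024-03-01T09:00:01Z ledger-db login user=alice src=10.0.5.12 result=success
2024-03-01T09:05:10Z ledger-db login user=bob src=203.0.113.7 result=failure
2024-03-01T09:05:12Z ledger-db login user=bob src=203.0.113.7 result=failure
2024-03-01T09:05:14Z ledger-db login user=bob src=203.0.113.7 result=failure
2024-03-01T09:05:15Z ledger-db login user=bob src=203.0.113.7 result=failure
2024-03-01T09:05:16Z ledger-db login user=bob src=203.0.113.7 result=failure
2024-03-01T09:05:20Z ledger-db login user=bob src=203.0.113.7 result=success
2024-03-01T10:15:00Z ledger-db modify user=alice src=10.0.5.12 table=journal_entries id=4471
"""


def _ts(s):
    """Parse an ISO-8601 timestamp with a trailing Z (works on Python < 3.11)."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_log(text):
    """Turn each log line into a dict of its fields."""
    events = []
    for line in text.splitlines():
        ts, host, action, *kv = line.split()
        events.append({"ts": ts, "host": host, "action": action,
                       **dict(pair.split("=", 1) for pair in kv)})
    return events


def suspicious_logins(events, window_s=60, threshold=5):
    """Flag a source that fails `threshold` or more times within `window_s`
    seconds and then logs in successfully (brute force / credential stuffing)."""
    failures = defaultdict(list)  # src -> timestamps of recent failed logins
    alerts = []
    for ev in events:
        if ev["action"] != "login":
            continue
        t = _ts(ev["ts"])
        recent = [f for f in failures[ev["src"]] if (t - f).total_seconds() <= window_s]
        if ev["result"] == "failure":
            recent.append(t)
        elif len(recent) >= threshold:
            alerts.append({"ts": ev["ts"], "user": ev["user"], "src": ev["src"],
                           "failures_before_success": len(recent)})
            recent = []  # reset after alerting so one burst yields one alert
        failures[ev["src"]] = recent
    return alerts


class AuditTrail:
    """Append-only list of records. Each record's MAC covers the previous
    record's MAC, so editing, deleting or reordering any record breaks the
    chain, and without the key an attacker cannot recompute valid MACs."""
    GENESIS = "0" * 64

    def __init__(self, key):
        self._key = key
        self.records = []

    def _mac(self, prev, event):
        body = json.dumps(event, sort_keys=True, separators=(",", ":"))
        return hmac.new(self._key, (prev + body).encode(), hashlib.sha256).hexdigest()

    def append(self, event, recorded_at=None):
        # Item 2: every record carries the time it was written to the trail.
        stamped = {"recorded_at": recorded_at or datetime.now(timezone.utc).isoformat(),
                   **event}
        prev = self.records[-1]["mac"] if self.records else self.GENESIS
        self.records.append({"seq": len(self.records), "prev": prev,
                             "event": stamped, "mac": self._mac(prev, stamped)})

    def verify(self):
        """Return None if the chain is intact, else the index of the first bad record."""
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            if (rec["seq"] != i or rec["prev"] != prev
                    or not hmac.compare_digest(rec["mac"], self._mac(prev, rec["event"]))):
                return i
            prev = rec["mac"]
        return None

    def report(self):
        """Read-only view for auditors: when, who, what, on which system (item 3)."""
        return [(r["event"]["recorded_at"], r["event"].get("user"),
                 r["event"]["action"], r["event"].get("host")) for r in self.records]


def run_pipeline(log_text, key):
    """Record every event, then detect and record suspicious logins."""
    events = parse_log(log_text)
    trail = AuditTrail(key)
    for ev in events:
        trail.append({"kind": "access", **ev})
    alerts = suspicious_logins(events)
    for alert in alerts:
        trail.append({"kind": "alert", "action": "suspicious_login", **alert})
    return trail, alerts


if __name__ == "__main__":
    trail, alerts = run_pipeline(SAMPLE_LOG, b"constructed-demo-key")
    print("alerts:", alerts)
    print("chain intact:", trail.verify() is None)
    for row in trail.report():
        print(row)
```

In a real deployment the key would live in an HSM or secret store that the application can use but not read back, and the trail would be shipped to a separate, write-once location, which is what turns "encrypt to prevent tampering" in item 2 into an integrity control an auditor can actually rely on.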

SOX Compliance with the Exabeam Security Management Platform

Understanding the requirements of the regulation is only half the battle when it comes to SOX compliance. To achieve compliance effectively and at a reasonable cost, you will need the right technology stack in place. Tools that help gather the right data and set up the security controls and measures required by SOX regulations will help you achieve compliance faster and reduce risks to your organization.

The Exabeam Security Management Platform (https://www.exabeam.com/product/) is a modern SIEM solution that can collect security data and detect, investigate and respond to threats. It can help improve your organization's overall security profile, leaving you better equipped to maintain compliance with regulations such as SOX.

Want to learn more about regulatory compliance? Have a look at these articles:

Protect Personal Data With GDPR Compliance (https://www.exabeam.com/siem-guide/siem-concepts/gdpr-compliance/)
PCI Compliance: A Quick Guide (https://www.exabeam.com/siem-guide/siem-concepts/pci-compliance/)
What Is the HIPAA Compliance Standard and How to Adhere to It? (https://www.exabeam.com/siem-guide/siem-concepts/hipaa-compliance/)

© 2022 Exabeam