Customer Login
How Do You Control Who Accesses What?
Solutions » Audit & Compliance » The Sarbanes-Oxley Act (SOX)

SOX Compliance

The Sarbanes-Oxley Act (SOX) holds chief executive and chief financial officers of public companies accountable for misstatements in financial reports. Though compliance issues are nothing new in both regulated, government-driven markets, as well as self-managing industry associations, SOX raises the specter of enormous financial and personal liability.

For the IT manager, the most relevant section of SOX is Section 404: Management Assessment of Internal Controls. Two items from Section 404 stand out:

  1. Establishing and maintaining an adequate internal control structure

  2. An assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure

The problem is that SOX expects you not only to take an aggregated look at your IT environment, but also to tie it back into business processes. The second problem is defining “effectiveness.” Many solutions try to address this concept by collecting and maintaining a massive amount of data from log files and other system reports. Unfortunately, it’s nearly impossible to analyze gigabytes or even terabytes of this data. Companies hope that compliance auditors will give tacit approval, but what if the data contains early indicators of actual problems? That just adds risk to the equation.

In your network environment, can you unequivocally state who all your users are? Do you know to what they have access? Can you show all the appropriate interactions among users, assets and applications? Is there verifiable evidence that controls work, and that you took appropriate (and immediate) action when a policy infraction occurred?

Identity lets you see inside your environment, manage and monitor that environment and audit your policies to prove the effectiveness of your policies. You easily establish and maintain an internal control structure using Identity's Activity and Health Probes and Monitoring Station. Once each desktop receives its unique identifier, Identity lets you track and monitor that activities within your network. Additionally, you receive alerts and reports on machine and user activity that is not in accordance with your defined policies.

Identity provides extensive and detailed reporting on activities within your environment and on user activity. And, you gain rich capabilities to demonstrate clear effectiveness through detailed reports—along with associated review and approval workflows. That helps you unequivocally fulfill SOX’s requirement for effective internal controls.

 
products  │  solutions  │  oem partners   │  resources  │  company
©2007 Trusted Network Technologies.    Contact Us    Toll free: (877-222-8736)    Privacy Statement