
The Sarbanes-Oxley Act (SOX) requires companies to closely control and track corporate content. EcomNets believes corporate and IT compliance with SOX is of significant concern to IT departments. However, addressing SOX issues in large companies is mostly technology-enabled but non-technical. Therefore, IT should be working within the business to apply incumbent technologies to documentation, reporting and other compliance requirements.

Sarbanes-Oxley Act's Impact on IT


With new data retention policies, SOX requires the storage of more records and has forced most corporations to re-evaluate their storage management systems. Any and all electronic records are subject to SOX requirements, including e-mail and instant messaging (IM) files. While IM conversations may seem as casual as phone conversations, they must be treated as formal correspondence and, like e-mail, the communications must be captured and stored.
The new regulations stipulate the use of data storage technology that cannot be overwritten or altered in any fashion. Essentially, the rules call for WORM (write once, read many) devices, and companies that don't already comply will have to integrate their on-line disk storage with the WORM media.
Different types of records will have different storage and retrieval requirements, and no matter how or where the records are stored, a company must also demonstrate their authenticity and maintain an audit trail of any revisions. At the end of the SOX-mandated data life cycle, records must also be quickly and completely destroyed.
To meet these requirements, EcomNets created a SOX compliance process to support data architectures and storage systems with built-in process intelligence.

The EcomNets SOX Solution is the industry's first comprehensive, integrated software solution with real-time monitoring for Sarbanes-Oxley compliance, operational risk management, internal audit and general compliance.
Every organization's security policy requirements are based on several variables, perhaps the most important of which is the outcome of a risk analysis or ongoing IT security audits. However, there are several security policies that most corporations will need to help with SOX 404 compliance regardless of their size, setup and business processes.


The EcomNets SOX Solution helps companies effectively implement internal controls for the following key processes:


- Access Controls -- Hardware/software controls regulating who has access to what financial-related information.
- Audit Trails -- Application, operating system and other relevant logs that track who has accessed, modified or deleted financial information.
- Computer and Media Disposal -- Minimum requirements for ensuring financial-related information is wiped before hardware and media leave the company.
- Data Backup -- Specific backup requirements to ensure financial data is properly protected.
- Data Integrity Controls -- Hardware/software solutions to keep financial information from being inappropriately modified (e.g., IDS/IPS, rights management software, application controls to filter input and perform data validation).
- Data Retention -- Minimum requirements for retaining critical financial data, especially supporting documentation and related communications.
- Document Destruction -- Requirements and steps to be taken (or not taken) when destroying hard copy information.
- Information Classification -- Outlining how various types of financial information will be classified and protected based on levels of sensitivity.
- Messaging Security -- Minimum requirements for protecting the transmission and storage of messages (e-mail and instant messaging) containing sensitive financial-related information.
- Security Assessments and Audits -- How systems will be consistently tested and audited for security risks.
- System Authentication -- Hardware/software controls ensuring that users accessing financial information are who they say they are.
- System Monitoring -- Technologies and processes in place to detect and alert on financial information breaches.
- User Provisioning -- Specific requirements and processes for adding and removing users who will have access to financial information.
- Wireless Networks -- Minimum security requirements for wireless systems connecting to corporate networks.