SOX Compliance Report

Tags: SOX compliance, Sarbanes Oxley Act, Sarbanes Oxley, SOX Audit

What is the SOX Compliance Act?
The Sarbanes Oxley Act of 2002 was created in response to a number of major corporate and accounting scandals. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets.

What is the need for SOX compliance?
It is mandatory for publicly traded companies to report their internal audit structure to the Securities and Exchange Commission (SEC). Non-compliance with this act attracts criminal penalties.

Role of IT in SOX compliance
Under Section 404 of the Sarbanes Oxley Act, management is required to produce an "internal control report". The report must affirm "the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting."

SOX Section 404 and other regulatory requirements specify that enterprises create and maintain detailed information about information flow and user access across (and sometimes beyond) entire enterprise networks. Centrally managed repositories of such information are also essential elements of effective identity and access management (IAM) and IT security architectures.

It is the duty of IT to assure that authorized people conduct all financial transactions and data entry, and that all transactions get logged and tracked in ways that support comprehensive auditing. To meet these and other business requirements, IT executives must ensure that the identity and access management (IAM) solutions at their enterprises deliver adequate levels of demonstrable, transparent compliance.

Role of Active Directory in SOX compliance
Active Directory is powerful and flexible, and enables and supports effective, policy-based management of "compliance-ready" IAM initiatives.

Active Directory:
  • Deploys and enforces proper system configuration using Group Policy
  • Enables centralized, policy-based, secure control and management of access, authentication, and authorization for IT users and resources
  • Supports logs of privileged and exceptional operations related to the directory

How to audit SOX Compliance using JiJi Active Directory Reports?
JiJi Active Directory Reports provides 150+ out-of-the-box reports that you can use to easily audit your Active Directory for SOX compliance.

As part of the Sarbanes Oxley Act, IT management must know the security risks in their network. It is the duty of IT management to protect the system and information.

Assess security risk

Using Password Policy Reports, get details of Default Domain Policy and Fine Grained Password Policies in your directory. Also get the members for the given Fine Grained Password Policy.

Use the Account Lockout Policy Report to view when an account will be locked out after invalid credentials are provided to access it.

You can also find and remove groups without members.

Data Protection

You can track users' bad logon attempts using the Bad Logged on reports.

Get Inactive Users and Inactive Computers, and track their logon attempts for any malpractice.

Get Inactive Users/Inactive Computers/Disabled Users, and delete the unnecessary AD objects.

Get the user access across the entire network using Security Reports.