Sarbanes Oxley Act (SOX) Compliance Standards
The Sarbanes Oxley Act of 2002, was passed in response to a number of major corporate and accounting scandals which had resulted in a decline of public trust in accounting and reporting practices. The SOX Rules and Regulations provide guidance to corporations for financial and accounting disclosure information. The Securities and Exchange Commission ("SEC") implemented Section 404 of the Sarbanes-Oxley Act, in late June of 2004. This changed a few key things. It required issuers to include assessment of the company's internal control over financial reporting as well as an auditor's report on that assessment.
A process designed by the registrant's principal executive and principal financial officers, or persons performing similar functions, and effected by the registrant's board of directors, management and other personnel, shall provide reasonable assurance to the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.
The Sarbanes Oxley mandate focuses on ‘internal controls’ requirements. However SOX rule 302 and 404 mainly focus on financial reporting. A movement towards IT and security reporting becoming a new internal control is starting to being implemented. These new rules require corporate managers to produce annual reports detailing internal controls and procedures. SOX compliance contains a heavy emphasis on reporting. Effective long-term reporting must be automated to maintain high levels of compliance.
Monitor and Report Sensitive Data Access an Activity
Requirements 302 and 404 require the logging and continuous monitoring of database activity. Privileged user behavior such as direct access to sensitive data repositories, user privilege escalation, failed logins all need to be monitored to ensure accountability. Any system controls that can negatively impact accurate reporting of financial status must be monitored. The ability to report all activity, and to determine “how” “when” and “what” specific data was accessed, is also a requirement.
The LogClarity® Enterprise Solution is the most comprehensive solution available today to meet and maintain the need of commercial organizations facing the manual tasks of the Sarbanes Oxley legislation.
LogClarity® provides complete logging, monitoring and aggregation of log data from all log sources including database activity. Full accountability of privileged users that have access and control of sensitive data stored across the network and inside databases can be achieved through the LogClarity® privileged user monitoring.
Customers can define what privileged roles groups and accounts to be monitored very easily. Full reporting of all user activity is delivered in complete context with other activity. This capability ensures that a full audit trail of information can be easily assessed for both compliance and security violations. SOX specific reports are provided on demand or can be easily created for weekly, monthly or quarterly email reports.
Monitor Data Access, Data Systems, & Security Controls
The ISO standard is a well recognized security standard that organizations use as a guide for meeting SOX Compliance. ISO 17799 requires that you monitor and report all activity including domain activity, password events (i.e. activity across the trusted enterprise), and the control over all financial data and human resources information. The ISO standard also includes the control over system audit data and proof that controls have not been bypassed.
The LogClarity® Enterprise Solution automates the logging, monitoring and reporting of all activity including administrative user activity, regular user activity, and data access to prove data integrity. LogClarity® can be used to monitor any configuration changes or security policy changes to confirm security controls are not bypassed.
LogClarity® provides the ability to define key roles within its enterprise dashboard. Executives, compliance officers, internal auditors, security and administrators all have their role to play in SOX compliance. LogClarity® provides a check and balance system for organizations which increases security in itself. This ensures that all key players can be involved in meeting the challenges of SOX compliance.
LogClarity® also provides protection of all log data in one central repository. This prevents tampering and ensures log integrity which is necessary for organizations to be compliance with the SOX legislative mandate.
The LogClarity® Suite provides true accountability of all activity which cannot be matched by any other single source solution on the market.
Try LogClarity® 4.5 Today!
