SOX

Managing Log Data for Sarbanes-Oxley Compliance

The Sarbanes-Oxley Act is arguably the most well known of all recent regulatory changes impacting enterprises of all kinds.

Verify SOX compliance in seconds using the LogLogic Compliance Suite.

Sections 302, 404, 802, and 409 of the Sarbanes-Oxley Act are most applicable to technology: Section 302 requires CFOs and CEOs to personally certify and attest to the accuracy of their companies’ financial results. Section 404 establishes the need for internal controls based on a recognized control framework. Section 802 sets criminal penalties for destroying records connected with control audits whereas section 409 is expected to define requirements for real-time reporting of material events that could affect a company's financial performance. Ultimately, the determination of which and how many controls constitute an effective internal control environment is made and evaluated by management and agreed to with the external auditor.

A typical control framework covers four areas:

• Authentication and authorization: no individual should have more rights than he or she needs to execute his or her assigned tasks. The organization should also maintain a complete record of access and activities.
• Configuration and change management: no changes should be made without authorization. A record of what changes are made should be maintained so that the state of a system or application at a previous time can be determined.
• Segregation of duties: a single person should not have the right to configure IT systems as well as audit, initiate or approve incompatible activities in those systems.
• Documentation: all entities must be held accountable. Compliance should be documented and tested on an ongoing basis. The audit trail should allow for testing of the internal IT control framework as well as substantiating regulatory compliance.

LogLogic solutions enable enterprises to utilize log data and intelligence in building an effective compliance solution to meet the requirements of SOX.