Sarbanes-Oxley Act in a nutshell.

The Sarbanes-Oxley Act is a fundamental act that focuses on regulating corporate behaviour to protect financial audit records.

For the nitty-gritty of the Sarbanes-Oxley Act: http://www.soxlaw.com

There are three key sections for IT security: sections 302, 404 and 802.

Section 302 is about corporate responsibility for financial reports. It is key to certify the validity of the financial reports using set controls.

Section 404 is about management assessment of internal controls. It is the responsibility of the executive/auditor to confirm the effectiveness of the internal audits.

For section 802, it is about implementing criminal penalties for altering documents. This section mandates the protection and retention of financial audit records.

As I would look at it, it works in sync with a set regulation of internal controls, which might stem from a NIST/ISO standard or government regulatory notions, and this act works as a policer to keep/maintain financial records securely.
