Sarbanes-Oxley Act (SOX)

 

U.S. Public Company Accounting Reform & Investor Protection Act

 

 

Requirement

Solutions

CEO, CFO and an attesting public accounting firm must certify the accuracy of financial statements and disclosures in the periodic report.

Because IT systems generate periodic reports and control email, the primary tool for communicating information internally, CIOs must ensure host systems are secure and reliable.

CEO, CFO and an attesting public accounting firm must certify that the statements fairly present in all material respects the operation and financial condition of the issuer.

UpTym Networks assists with the following:

·       Reliability:

        ·       System availability reports

        ·       System O/S reports

        ·       Network Utilization (NIC card)

        ·       Overall alerts/notification system

        ·       Exchange, Notes, Email application monitoring

        ·       Automatically reboot servers upon system or application failure

·       Security:

        ·       Vulnerability assessments

        ·       Firewall monitoring

        ·       Patch assessment

        ·       Intrusion monitoring

Material information used to generate periodic reports must be retained and made available to the public.

Automatic archival of all reports for up to one year

Requires a statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting for the company, attested to by the company’s auditor.

 

Ø       Includes an assessment of the controls and identification of the framework used for the assessment.

Critical systems may include, but are not limited to:

Ø       Documentation/records management tool

Ø       Asset inventory

Ø       Layered security mechanisms to protect integrity of data

Reporting of material process changes every quarter

 

Ø       Process changes to meet compliance must be documented and implemented by the IS organization. 

Ø       Because the processes and internal controls are implemented principally in IT systems, section 404 audits involve a detailed assessment of those systems.

Ø       Process used to generate statements must be accurate and meet the Committee of Sponsoring Organizations of the Treadway Commission (COSO) standard

 

Enterprises must pass Section 302 & 404 audits before filing

UpTym Networks helps CIOs address the assessment, identification and documentation of internal controls:

 

Ø       Use SilverBack to take a quick “snapshot” and baseline network activity to establish what constitutes “normal” activity for comparison purposes

Ø       Asset report automatically discovers and documents resources across the IT infrastructure

Ø       Asset reports automatically identify all moves, adds, and changes

Ø       Notify on changes in access policies, changes in firewall configurations, router configurations, disk drive removals, and environmentals

 

Ø       Documentation of security controls:

·       firewall logs

·       intrusion monitoring

·       vulnerability assessment

·       patch assessment

·       assurance that virus updates are current

 

Ø       Better differentiate between Denial of Service attacks and legitimate increases or spikes in network traffic

Ø       Aggregated firewall reports ensure firewall is in compliance with organization security policy

Ø       Archive up to one year’s worth of history

Public companies must disclose information on material changes in their financial condition or operations on a rapid and current basis.

IT systems, as they support business operations and financial management, play a significant role in the detection and management of material events.

 

Ø       Proactive use of IT solutions such as SilverBack enables earlier detection and mitigation of material events with some of the following capabilities:

 

·       Overall monitoring, alerting and notification system on network, system, application and security issues

 

·       Use of thresholds, severity and time-based alerts and escalations