How ManageEngine helps you meet SOX compliance requirements
Requirement | Requirement description | Capability | Summary reports | Solution description |
302 (a)(4)(A) | The signing officers are responsible for establishing and maintaining internal controls | Help desk delegation; Identity risk assessment; Access certification campaigns; Multi-factor authentication; Backup and recovery; File integrity monitoring; Forensic analysis | Identity Risk Assessment Report; User Logon and Logoff; Logon Failure; Audit Log Access; Object Access; System Events; Successful or Unsuccessful User Account Validation; Terminal Service Sessions | Internal controls measures such as role-based access control, principles of least privilege, risk assessment, access certification, MFA, backup and recovery, and more can be implemented using AD360. Log360 ensures file integrity monitoring by tracking any unauthorized changes to critical files. Forensic analysis tools help in investigating breaches or anomalies, providing a deeper understanding of security events like failed logons or suspicious access attempts. |
302 (a)(4)(B) | The signing officers have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared | |||
302 (a)(4)(C) | The signing officers have evaluated the effectiveness of the issuer’s internal controls as of a date within 90 days prior to the report | |||
302 (a)(4)(D) | The signing officers have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date | |||
302 (a)(5)(A) | All significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize, and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; | Identity risk assessment; Real-time User Session Tracking; Audit trails | GPO Reports; All File / Folder changes; Audit Policy Changes; User Access | AD360 also allows you to obtain a comprehensive risk assessment report with a list of risky objects and actionable insights. It also offers mitigation measures to keep the risky objects at bay. Log360 provides real-time tracking of user sessions, along with detailed audit trails that track who accessed what, when, and from where. This ensures transparency and accountability for user activity. GPO (Group Policy Object) reports further enhance monitoring by keeping track of all changes in policies that control user access and system configurations. |
302 (a)(5)(B) | Any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls | Audit Policy Changes; User Access | Log360 provides continuous tracking of changes made to audit policies, which dictate how events are logged. This ensures no unauthorized adjustments are made that could affect the monitoring and reporting of critical events. | |
302 (a)(6) | The signing officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses. | Configuration Management | User and Computer Account Changes; User Group Changes | Log360 tracks changes to user and computer accounts, ensuring that configuration changes are logged and monitored. |
404 (a)(2) | The internal control report must contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting. | Identity risk assessment | Identity Risk Assessment Report | AD360 offers a comprehensive risk assessment report that identifies and lists the vulnerable objects along with mitigation measures. |
404 (b) | With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer, other than an issuer that is an emerging growth company (as defined in section 3 of the Securities Exchange Act of 1934), shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement. | Network Device Logon Reports |