Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act of 2002 was established in the United States to safeguard shareholders against fraudulent activities conducted by publicly traded companies. SOX imposes strict internal control practices and regular submission of audited financial reports to prevent fraud. Sections 302 and 404 of SOX focus on internal control assessment and necessitate the use of documentation, tests, and audits for achieving compliance. The effectiveness of internal controls often relies on an organization's IT network.

M365 Manager Plus simplifies information security across all your Microsoft 365 components and provides out-of-the-box reports to become SOX compliant.

The following table lists the SOX compliance requirements and M365 Manager Plus reports that help meet them.

Section Description Reports
AI3 (AI3.2, AI3.3, AI3.4) Acquire and maintain technology infrastructure
  • Infrastructure resource protection and availability
  • Feasibility test environment
  • Infrastructure maintenance
  • User Logon Activity
  • OneDrive Events Log
  • Mailbox Created
  • Mailbox Deleted
  • Mailbox Quota Changes
AI6 (AI6.1, AI6.3, AI6.4, AI6.5) Manage changes
  • Change standards and procedures and emergency changes
  • Change status tracking and reporting
  • Change closure and documentation
  • OWA Attachment Policies
  • Mail Traffic Policy Match Summary
  • Address Book Policies
AI7 (AI7.4, AI7.7, AI7.8, AI7.8, AI7.9) Install and accredit solutions and changes
  • System and data conversion
  • Final acceptance test
  • Promotion to production
  • Post-implementation review
  • Mailbox Quota Changes
  • Mailbox Size Changes
  • OneDrive Events Log
DS3.4 and DS3.5 IT resources availability and monitoring and reporting
  • User Logon Activity
  • OneDrive Events Log
DS4.3 Critical IT resource User Logon Activity
DS5 (DS5.3, DS5.4, DS5.5) Ensure systems security
  • Identity management
  • User account management
  • Security testing, surveillance and monitoring
  • OWA Attachment Policies
  • OWA Attachment Policy by Users
  • User Logon Activity
DS9 (DS9.1, DS9.3, DS9.3)
  • Configuration repository and baseline
  • Identification and maintenance of configuration items
  • Configuration integrity review
  • Mailbox Created
  • Mailbox Deleted
  • Mailbox Quota Changes
  • Address Book Policies
DS10.2 Problem tracking and resolution Mail Traffic Policy Match Summary
DS13.3 IT infrastructure monitoring
  • Mailbox Created
  • Mailbox Deleted

Steps to generate SOX-related reports in M365 Manager Plus

  1. Log on to M365 Manager Plus and navigate to the Reports tab.
  2. In the left pane, click Compliance Reports.
  3. Under SOX, click the report that you wish to generate.
  4. Select the desired domain(s) and click Generate Now.
Navigate to next Previous Topic Next Topic Navigate to next

Copyright © 2023, ZOHO Corp. All Rights Reserved.