SOX Compliance Checklist

The Sarbanes-Oxley Act (SOX) was passed in 2002 by the US Congress. It aims to make public companies more accountable to their shareholders and the general public by auditing their financial reporting activities.This act intends to make corporate disclosures more transparent and thereby minimize financial fraud.

While most sections of the SOX Act are concerned with regulating financial activities, there are a few sections for which the IT department needs to contribute. For example, the IT department is required to set up a system of internal controls to ensure that the financial data of the company is not tampered with.

Which companies does SOX apply to?

All the public companies registered in the United States.
Foreign companies that are public and operate in the United States.

How to comply with SOX?

Here is a checklist to make your SOX audits hassle-free:

Ensure that your data is not tampered with
Use tools that can help monitor your files, servers and computers; track any security settings modifications, deletions, changes and so on. This can help detect any unauthorized access attempt to sensitive data.
Focus on keeping your timelines intact and logs secure
Enable auditing for critical activities on systems that store sensitive data and use a software that automatically timestamps all the log data that is generated. Move your logs to a server in a secure location. The time stamps will help you detect any unauthorized access attempts or attempts to tamper log data.
Verify that your security controls are operational
Regularly review and monitor your security control's working using reporting and monitoring tool that can send daily reports to administrators or other authorized persons.
Notify security breaches to independent auditors
Employ software which can detect security breaches in real-time and respond to them immediately. The independent auditors can also be alerted of a breach as it will ensure maximum transparency.
Notify failure of security controls to independent auditors
Schedule periodic testing of the security controls and notify the independent auditors of the results, including any failure in the mechanism. For example, if the tool failed to log certain important events, make sure the auditors are informed.

SOX compliance with ADAudit Plus

ADAudit Plus is an Active Directory auditing and reporting tool that monitors your network in real-time and provides over 200 audit reports on the various entities and events such as users, servers, logons, file modifications and so on. This tool has a section for compliance which has separate reports for different compliance mandates, including SOX. SOX reports track the different activities that need to be monitored for a company to stay SOX-compliant such as file modifications, logon activity and so on. Here is the list of reports that are available in the SOX section of ADAudit Plus:

About ADAudit Plus

ADAudit Plus is a real-time, web-based Windows Active Directory change reporting software that audits, tracks, reports and alerts on Windows (Active Directory, workstations logon/logoff, file servers and servers), NetApp filers and EMC servers to help meet the demands of the much-needed security, audit and compliance. With ADAudit Plus, track authorized/unauthorized AD management changes, access of users, GPO, groups, computer, OU. Track every file, folder modifications, access and permissions changes with 200+ detailed event-specific reports and get instant emails alerts.Tracking the modifications on the network can ensure that nobody tampers with your data and this makes SOX compliance easy. You can also export the results to XLS, HTML, PDF and CSV formats to assist in interpretation and computer forensics. For more information on ADAudit Plus, visit https://www.manageengine.com/active-directory-audit/.

More related links

✕
Native auditing becoming a little too much?

Try ADAudit Plus login monitoring tool to audit, track, and respond to malicious login and logoff actions instantaneously.
Try ADAudit Plus for free