Section 404 is the
tallest mountain to climb, with key areas regarding IT controls:
• Change Management - Companies
must provide visibility over changes in the IT environment and
enable the ability to initiate, authorize, manage and implement
all IT changes through a systematic change process.
• Backup - A process must be deployed to identify
critical data and to duplicate, store and recover data as
needed.
• Security - A process must
be deployed to ensure the integrity of information and secure
applications, databases, operating systems, internal network
access and perimeter network.
• Documentation - Companies
must deliver thorough documentation to cover change management,
backup and security policies and processes.
• Remediation - Companies
must have solutions to fill gaps in change management, backup
and security.
Many businesses underestimate what it takes to be compliant.
And, unfortunately, the Sarbanes-Oxley Act does not provide
detailed, step-by-step guidelines on reaching compliance.
There are industry-accepted best practices. In addition, every
auditor usually adds individual criteria. And there is no one
solution available on the market to help businesses achieve
compliance. What's more, Sarbanes-Oxley (SOX) is not a one-time
experience. Companies must continue to be compliant as
technology and organizations evolve.