If I ask a question that has already been answered, I apologize. I have read a ton of threads on this site but feel the need to ask in my own words just so I know I understand.

Where I am newly employed, I recently took over a 10 year old project. The application in question is where employees come to enter expense reports, timesheets, purchase requests, support tickets, quotes, employee information, terminations, mailing lists, document management including contracts, CRM, and much more. Many of these areas are directly fed into our accounting system and CRM packages. Data from those systems is also brought into and displayed within this system as well. Every employee in the company has access to this site, and it is available outside the VPN.

I have been given the task of redesigning this application and giving it a new look and feel as well as increasing performance and stabilization. As part of the groundwork in support of the new project I have been putting together a security policy. I know this company has plans to go public within two years, and SOX will be a very important compliance hurdle. I want to make sure that I do everything I need to now, while redesigning this project, to make sure I don't affect future compliance.

There is so much information out there about SOX compliance for IT, but I feel that most of it is BS propaganda to help companies sell services. I read through the COBIT 4.1 manual and it's great and all, but it's a little overwhelming, and it seems to me that only 1% of it has to do with SOX compliance and the rest has to do with best practices for running an IT department.

I am all about proper approval chains, repeatable processes and best practices for security, so don't get me wrong. For this project I am simply looking for what, if anything, I need to make sure programmers are aware of to ensure that we are prepared for SOX compliance in the future.

I have read in many posts that SOX doesn't explicitly state anything about IT security, but that improper security could still affect compliance. So I'm a little confused, and any help would be appreciated.

Thanks,
David