As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - Cobit maturity level for SOX compliance
Based on the quote below, it appears that the latest version 4.0 framework is recommended. If you're starting with a brand new adaptation of COBIT standards, it would be beneficial to use the latest and greatest However, if you're already using an existing earlier version of COBIT, I couldn't find references defining the minimum baseline for SOX compliancy.
COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. ITGI’s latest version— COBIT® 4.0—emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.
It does not invalidate work done based on earlier versions of COBIT but instead can be used to enhance work already done based upon those earlier versions. When major activities are planned for IT governance initiatives, or when an overhaul of the enterprise control framework is anticipated, it is recommended to start fresh with COBIT 4.0. COBIT 4.0 presents activities in a more streamlined and practical manner so continuous improvement in IT governance is easier than ever to achieve.
The absolute minimum is Maturity Level 3. Almost all external auditors are ok with it (no deficiency identified etc.) _________________ George Lekatis
President of the Sarbanes Oxley Compliance Professionals Association (SOXCPA)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.