Desktop Policies 1161



  • Does anyone know if there are any SOX requirements for desktops? i.e. screen saver timeout, patches, etc If so, where can I find them?



  • SOX does not have any specific requirements over IT. However, it does require that you select a suitable control framework on which you base your assessment of internal controls. COSO, which is used by most companies, identifies the following risk that should be addressed related to information systems -
    Data files are subjected to unauthorized access.
    Each business needs to evaluate this in the context of their particular business and systems configuration and related risks. If your information systems can be accessed via desktop equipment (and most can), then you should identify controls that mitigate this risk. These controls probably should cover virus protection, password security, access to unattended workstations, etc.
    Roundabout, SOX will impact this, but you have to reason through your chosen controls framework to get to your answer.


Log in to reply