non-employee accounts
-
Is it a violation of SOX to have a non-employee account with access to the company’s network actively used?
-
No
-
No - As Kymike shares, this is quite common. Just wanted to add that it’s important to:
– Identify any associated risks
– Have good corporate policies and standards governing outside access
– Log access to sensitive financial systems
– Ensure every outside person has their own individual account (not shared)
– Ensure they participate in password rotations or even more industrial strength access controls (like 2-factor for example)
– Ensure there are checks-and-balances, autonomy controls, and all other good classical audit controls