Question about Security Cameras 1519

  • My company has recently beefed up security a lot, all attributed to Sarbanes-Oxley. Today they are installing security cameras in the work areas - again, Sarbanes-Oxley. Is that really what Sarbanes-Oxley is about? I didn’t find anything about it in the wording of the act itself. I’m concerned that it’s becoming the Corporate version of the Patriot Act. I work in the disaster recovery facility which has, on most days, an average of 5 people in the building at any given time. Everyone else works in the main facility.
    Are the security cameras really because of Sarbanes-Oxley, or is that just an excuse?

  • S-OX is used as an excuse by management for a variety of changes, most of which are unneccessary for S-OX purposes.%0AIn and of itself, S-OX does not have any specific requirements (security cameras, management reviews of every accounting entry, etc.). What it does do is requires management to choose a control framework on which to base its internal controls, and assess the effectiveness of those controls on an annual basis.%0AYou state that you work in a disaster recovery facility. I am assuming that this is a backup facility for a RIS data center. If that is the case, general RIS controls would generally require the company to have physical access controls in place to the data center. These controls come in a myriad of styles. Many companies choose to have redundant controls in place. In your situation, the primary control is very likely a cardkey access system and a visitor log book. Most larger companies also employ the use of security cameras to ensure that if a problem occurs, they can go back to the tape to see who was in the facility as cardkey systems and log books are not 100% effective.%0AIn a roundabout fashion, the use of this control is related to S-OX, but is not required by it. More likely than not, your management team is using this as an excuse to beef up their backup security at their backup facility.

Log in to reply