SOX and informational security 1746
-
Hi everyone.
I’m an analyst in a Russian IT company. Now I’m exploring the ‘Sarbanes-Oxley Act’. In this act I only need the informational security requirements. Can you help me by telling me whether such requirements exist or not and, if they exist, what they are and in what sections I can find them?
Sorry for my English
-
Hi and welcome to the forums
… As a starting point, key items to research are:
SOX 404 – This section describes IT-related security and processing controls for financial systems (and most often it’s good to apply these to the non-financial side as well)
COBIT 4.0 – While not mentioned directly in the SOX standards, many external auditors use these guidelines recommended by PCAOB during SOX audits as guidelines for SOX compliancy.
COSO standards – While these controls are mostly financial in nature rather than IT-related, they are important in defining financial workflow controls and go hand-in-hand with COBIT
Below are a few links that might help:
COBIT and COSO
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1516
Getting Started with SOX
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1706
Definition of SOX
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1637
General IT controls
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1510
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1421
SOX IT based packages
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=888
-
Thanks a lot.