Storage Network - SOX compliance
linus last edited by
In terms of Storage Networks (storage units, SAN switches), how can someone be SOX compliant?
milan last edited by
I believe that one of the process domains to achieve SOX IT compliance includes controls over backup and recovery. You should be able to find more information about suggested controls for SOX compliance in the guidance from CobiT.
CobiT 4.0 may be found at isaca.org
Additionally, the usual suspect (Harry W.) and others will likely reply to your question in more detail. However, as a starting point, it might be helpful to research some of the published guidance online.
Hope this helps,
harrywaldron last edited by
Hi and welcome to the forums
As Milan noted, the COBIT 4.0 standards are some of the acceptable guidelines audit firms use for SOX 404 compliancy. SOX 404 provides a general IT framework for automated financial system controls, so there aren't highly specific things noted for the SAN environment.
Briefly, the key areas of consideration include:
- Backup and Recovery
- File retentions - most SOX files must be retained for 7 years, so you need a NAS device
- DR failover capabilities
CAS Technologies (differs from NAS, but same SOX requirements)
Free copy of COBIT 4.0 when you register
calvin last edited by
Physical and logical access are the only things I think should be in scope for SAN switches and storage units.
For the data/configuration that resides in the storage unit, you have operational controls related to backup and restoration, which become applicable apart from logical access.
We have a SAN environment and these were the only two controls that were tested as a part of ITGC (in agreement with external auditors).