Physical Technology Security Requirements?

  • I’m just getting started on HIPAA and SOX for my organization… I feel that there is a lot that I can read, and still miss so I am glad to have found a forum.
    That being said - I have a really off question. I work for a non-profit org. The technology side of things is a bit behind what one might find in a company that has used technology for some time.
    Our equipment is only about 3 years old, running a Windows 2000 server. The server is another project.
    My real question is this. Does SOX define physical access requirements? I have not been able to locate anything as of yet, but am still digging through what information I have.
    By Physical I mean anyone can wander into the back ‘storage’ area where my equipment is and touch it. There is one locked door to the area, but during regular business hours, anyone can walk right through it.
    Suggestions? (other than building a wall, which I am working on getting approval for)

  • gJacob3412 - Welcome to the forum. If you peruse the forum, you will see that I am not an IT expert. You will also quickly note that SOX has no specific rules addressing specific controls, how to document controls and processes, etc.
    This forum has covered many topics, so you are likely to find answers to questions that you may have if you are just getting started.
    Let me direct you to one previous post to get you started in your quest for answers -

  • Hi and welcome to the forums 🙂
    Below are some threads that might help you get started. While COBIT 4.0 isn’t absolutely required to meet SOX standards, many audit firms use some of the key requirements as checklist items to ensure key SOX compliance needs are present:
    What is: COSO, COBIT, and SOX 404
    Free PDF copy of COBIT 4.0
    P.S. In another forum I actively participate in related to Project Management, I found a # of good links (e.g., the ‘101’ site), which might be helpful:
    For links outside the forum, please paste this URL to your browser and add www
