Suggestions for list of SOX IT requirements 2366

  • Hello everybody, first time poster here 🙂
    Background to my query:
    I’m a student and part of a project group that has been tasked to create some kind of generic framework regarding the IT side requirements that SOX demands of a typical company.
    However, as we in our group are completely new to the whole SOX legislation, and because we reside in Sweden where SOX is to be implemented in a different form (eurosox), we are currently researching the nature of the SOX legislation as it pertains to IT. However, as the actual legislation for SOX doesn’t reveal much in terms of actual requirements, we’re sort of fumbling in the dark here when it comes to nailing down the actual things that would need SOX awareness and auditing.
    Furthermore, once we’ve nailed down the rough specifics of what SOX would require in terms of IT compliance, we’re to use this information to select and evaluate two SOX logging correlation systems.
    So, my question is:
    Is SOX IT compliance just generally about accountability, security and accuracy of information? Or does there exist some kind of technical best practice for what to audit and what to not audit in a company?
    I’m sorry if my question is a bit on the rough side here, but really, we are completely new to this, so please… bear with us 🙂

  • Hi - I apologize for missing this post earlier as I’m catching up some …
    This thread has a how to get started section, followed by several good links related to SOX 404 (the key IT standard)
