Physical Security Measures 2613

  • As Physical Security Consultants we are increasingly requested to undertake Security Audits to ‘cover SOX compliance’. Having reviewed the actual SOX policy there are only a few areas where physical security measures could be relevant, SOX 302 and 404. An interpretation has obviously been made that requires physical security measures are taken but could someone out there please tell me where I can find it. Any info would be very gratefully received - thanks.

  • Firstly, there are no specific requirements in SOX that require physical security measures to be taken.
    Anything you do around physical security should flow from the control methodology applied e.g. COSO and in response to any specific risks identified from this.
    It is worth looking at the PCAOB guidance around Safeguarding of Assets which may also help.

  • Thanks Denis - appreciate your thoughts

Log in to reply