non-employee accounts 2643



  • Is it a violation of SOX to have a non-employee account with access to the company’s network actively used?



  • Is it a violation of SOX to have a non-employee account with access to the company’s network actively used?
    No



  • No - As Kymike shares, this is quite common. Just wanted to add that it’s important to:
    – Identify any associated risks
    – Have good corporate policies and standards governing outside access
    – Log access to sensitive financial systems
    – Ensure every outside person has their own individual account (not shared)
    – Ensure they participate in password rotations or even more industrial strength access controls (like 2-factor for example)
    – Ensure there are checks-and-balances, autonomy controls, and all other good classical audit controls

