SOX Compliance across O/S, DB and Apps
In the US, the Sarbanes-Oxley Act of 2002 (SOX) was enacted in response to a number of major corporate and accounting scandals. Similar corporate governance has since become a requirement in Europe (E-SOX) and Japan (J-SOX). South African companies listed on stock exchanges overseas governed by SOX are also required to be complaint.
Compliance also encompasses the examination of the controls within an Information Technology infrastructure.
Examples of such controls as follows:
- Track or audit and report on changes at O/S, Database and Application level.
- Track and report on all changes occurring with a Change Control implementation.
- Account auditing and reporting
- Account sharing and reporting
Below are some infrastructure considerations:
- Audit Repository
- Individual Accountability on all tiers
- Database security lockdown
- Privileges and Role Control
- Software Access Control
- Server Lock Down
- Command Restriction
- Resource Restriction
- Resource Management
- Sign on and Password Security
- Implementation Control
- Data Refresh Procedures
- Non-Production Environment Security
RDB has compliance solutions at O/S, Database and Application level, and will implement auditing and reporting in all three tiers in order that they meet the stringent SOX requirements.