"Because of Sarbanes-Oxley, we had corporate internal auditors telling us we needed to be compliant with a whole list of specifications. This was also necessary to help us prepare for external audits."

Gavin Inman, Stryker Corporation,
Interdivisional Database Administrator
 
A Quick Summary:
The Sarbanes-Oxley Act (SOX) applies to publicly traded companies in the U.S. that are regulated by the Securities and Exchange Commission. Its goal is to increase levels of executive awareness and accountability in both public companies and public accounting firms. Information security is not mentioned explicitly in the Act. Instead, the main emphasis is on controls over the financial reporting process. A full copy of the Act can be found online, but the core provisions of SOX that affect the IT department are Section 302 and Section 404. Companies look to their auditors for direction on SOX compliance-related issues. Today, the Big 4 audit firms base their assessments on COBIT, which is a generally applicable and accepted standard for good Information Technology (IT) security and control practices.

The PowerTech Solution

A regulation intended to prevent fraud by corporate CEOs and CFOs has resulted in a tremendous burden of documentation and process improvement for IT departments. Companies of all sizes use PowerTech software to simplify and automate the task of SOX compliance on the iSeries. Even companies that have passed their initial SOX audits can find ways to cut costs and streamline the reporting process.

Segregation of duties and access control are key parts of any good internal controls process. Authority Broker enables companies to enforce segregation of duties by limiting, controlling, and auditing powerful user profiles that are typically used by IT staff.

Network Security closes the gaps in iSeries network access, ensuring that only employees with a demonstrated need can actually access and use data. With Compliance Monitor, companies can automatically run the reports they need to demonstrate SOX compliance on a regular basis. Compliance Monitor simplifies the task of generating these reports across multiple systems – reports that are required by SOX (Section 302) on a quarterly basis.

PowerTech has also mapped the recommended reports that you can run in Security Audit to the relevant COBIT and ISO 17799 standards. The Compliance Guide recommends best practices for security configuration and settings in OS/400, and the product ships with a recommended set of reports for SOX compliance.