The Aim of the Law
The Sarbanes-Oxley Act of 2002 (SOX) was signed into law in 2002 in response to a number of major corporate and accounting scandals. This law sets standards for all US public companies, for any international companies that have registered equity or debt securities with the U.S. Securities and Exchange Commission (SEC), and for management and public accounting firms as well. The aim of the law is to increase transparency in corporate governance and financial reporting.
Internal Controls of a Company
Section 302 of SOX requires CEOs and CFOs to be personally responsible for ensuring that all of the company's records are complete and accurate. In other words, they accept personal responsibility for that and certify that internal controls are in place. Section 404 addresses the monitoring and maintenance of a company's internal controls.
Consequences for SOX Non-Compliance
The legal consequences of SOX non-compliance for CEOs and CFOs are severe: up to $5 million in fines and up to 20 years in prison. The above-mentioned companies must now comply with SOX on both the financial side and the IT side, because in most cases all financial records are now digital. As a result, SOX compliance requires a particularly robust and secure IT infrastructure. Mishandled or damaged data is not a valid excuse for SOX non-compliance.
DataSunrise Facilitates SOX Control
DataSunrise provides a comprehensive solution for enterprises to monitor any changes in financial data, as well as control and audit access to it. Regular generation of highly customizable reports helps to identify and eliminate possible leaks of sensitive data.
Financial Data Changes Auditing
DataSunrise Data Security solutions monitor all changes that affect financial transactions, including changes to data, user rights, and database configuration. They also audit access to documents stored in Amazon S3 buckets and mask these documents if necessary. At the same time, server performance and the existing application architecture remain unchanged. DataSunrise allows you to choose the most suitable deployment mode: Proxy, Sniffer, or reading database audit logs. A simple and flexible reporting system enables you to track all database activity by external and internal users.
Protect Financial Data from Unauthorized Access
DataSunrise controls user access and ensures that only authorized users can access sensitive data. DataSunrise allows you to easily configure each user's level of access to data, granting users minimal and sufficient privileges.
Implement an Automated Process for Finding New Sensitive Data, Auditing and Protecting It
DataSunrise Data Security solutions ensure centralized management and automate audit rules, security, and dynamic masking configuration to maintain SOX compliance at all times. This is achieved by periodic sensitive data discovery using table relations.
Ensure Separation of Duties and Auditor Independence
DataSunrise Vulnerability Assessment scans all databases, assesses vulnerabilities for the specific version of each database, and provides recommendations for their elimination and for secure configuration, so you know about existing problems and remediation steps.
DataSunrise Static Data Masking
DataSunrise Static Data Masking allows you to create a properly limited data set, based on production data, in which real private data is selectively replaced with fake values. This enables you to securely transfer only the necessary information between departments of the enterprise, such as software development and testing environments.