The Sarbanes-Oxley Act (SOX) was passed in 2002 in the wake of a number of major corporate accounting scandals, particularly the Enron scandal. To prevent a situation like Enron from occurring again, SOX mandates checks and balances to ensure the accuracy and transparency of corporate disclosures and to protect enterprise shareholders and the general public from accounting errors and fraudulent practices.
SOX applies to public companies, wholly-owned subsidiaries and foreign companies that are publicly traded and do business in the United States, and accounting firms that perform SOX compliance audits. Companies that are considering a potential initial public offering (IPO) should ensure they comply with SOX before they launch their IPO.
SOX Compliance & Cybersecurity
SOX audits require organizations to provide voluminous documentation proving that they have established internal controls spanning five key areas and that these controls are working effectively:
1- Control Environment
2- Risk Assessment
3- Control Activities
4- Information and Communication
Setting up and maintaining these controls is quite a bit of work, especially since organizations must prove that their controls are operating continuously, year-round. However, much of the work that organizations have to do for SOX is work that they would have to do anyway to prevent cyberattacks.
How Keeper Simplifies SOX Compliance
Since every user within an enterprise network is a potential risk factor, the protection of credentials and access to financial systems is essential for organizations to comply with SOX financial reporting and disclosure requirements. It is also crucial for organizations to automate as many compliance processes as possible. Since SOX compliance must be continuous, audit-related activities take place throughout the year, placing additional burdens on already-overworked IT staff.
Keeper eases SOX compliance monitoring and reporting by giving IT administrators full visibility and control over employee password usage and role-based systems access throughout their data environments, with customizable audit logs and event reporting. Keeper supports robust internal controls through delegated administration, enforcement policies, event tracking, monitoring, and reporting.
The Keeper Commander SDK eases SOX audit reporting by enabling administrators and authorized end-users to run reports relevant to meeting SOX compliance requirements. Additionally, the Keeper Advanced Reporting & Alerts (ARAM) Module empowers IT administrators to monitor any size user population; receive focused, summary trend data and real-time notifications of risky or unusual behaviors; and run customized reports.