Panacea InfoSec

SARBANES-OXLEY ACT (SOX)

Sarbanes-Oxley (SOX) Sections 404 (c) and 404 (d) call out compliance regulations enacted to ensure the integrity of the financial results reported by public companies. A key component of SOX compliance is managing Segregation of Duties (SoD).

A SOX Segregation of Duties violation occurs when an organization cannot sufficiently prove that users do not have conflicting privileges that allow them to manipulate financial data, thus altering the results reported by the public company. Ensuring that proper SoD controls are in place is a key consideration of external auditors when validating an organization's financial results. Auditors specifically evaluate the appropriateness of privileged user access to databases containing financial data.
 
Ensuring proper SoD controls is directly related to the assignment and auditing of database user rights and entitlements. In any organization, there are users with excess privileges, providing them access to financial data beyond what they need to do their jobs. Organizations must modify the privileges assigned to these users to ensure the integrity of financial data. However, there are users whose jobs require privileged access to databases containing financial data. These users include DBAs, internal application developers and system administrators. SOX regulations require monitoring the activities of these privileged users to ensure they are not compromising the integrity of the company's financial data.

In addition, SOX requires identification and remediation of database vulnerabilities and misconfigurations that leave financial data exposed to unauthorized manipulation.

DbProtect allows organizations to manage SoD conflicts and eliminate database vulnerabilities.
