Meeting Sarbanes-Oxley Act (SOX) and GLBA Compliance Requirements for Protecting Data-at-Rest
The Sarbanes-Oxley Act of 2002 (SOX) is a United States federal law enacted on 30 July 2002, which sets standards for all US public company boards, management and public accounting firms. The primary sections of the SOX Act that concern protecting data are SOX Act sections 302 and 404. Data protection compliance requirements in both SOX Act sections 302 and 404 are most concerned with the accuracy and content of required financial reports.
Sarbanes-Oxley Act section 404 has two major compliance requirements:
Management is accountable for establishing and maintaining internal controls and procedures that enable accurate financial reporting, and assessing this posture every fiscal year in an internal control report.
Public accounting firms that prepare or issue yearly audits must attest to, and report on, this yearly assessment by management.
Sarbanes-Oxley Act section 302 expands this with compliance requirements to:
List all deficiencies in internal controls and information, as well as report any fraud involving internal employees.
Detail significant changes in internal controls, or factors that could have a negative impact on internal controls.
Any financial information needs to be safeguarded, and its integrity assured. Specific internal security controls that protect this data need to be identified, auditing must take place, and this security posture must be re-assessed every year, including any changes or deficiencies that result from changing conditions.
Spirion provides key portions of the solution to Sarbanes-Oxley compliance problems, with security controls that enable organizations to discover, classify and monitor all confidential and financial data across widespread heterogeneous infrastructures, including virtualized environments and cloud implementations.
Spirion provides a solution to help organizations discover, classify, monitor and respond transparently without changes to operational processes and the daily work of healthcare professionals. Spirion provides technical safeguards to automatically identify and classify electronic protected health information with an easy-to-deploy, centrally managed solution that integrates with your existing security infrastructure. Spirion's open APIs allow integrations with your existing DLP tools, encryption software, data-archiving and storage solutions offered by leading technology providers such as Symantec, Intel Security and others to help increase the benefits from existing spend on these data security solutions.