Sarbanes-Oxley (SOX) Compliance

Monitoring for SOX compliance cost-effectively requires leveraging existing investments in applications and databases while having a comprehensive, integrated view of security compliance that ties controls back to business practices. Companies must be able to provide the necessary audit trail of configuration control, access and change.

Publicly traded U.S. corporations must maintain compliance with the security provisions of the Sarbanes-Oxley Act of 2002 (SOX). Companies subject to SOX must monitor their environments and prove compliance with the guidance found in the control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

NTT Security services help companies cost-effectively comply with SOX security requirements.

NTT Security services help publicly traded companies with:

  • Assess and Measure Gaps: COSO assessment methodology performed by experienced certified security experts applied to SOX provisions; prioritized and actionable recommendations; peer benchmarking.
  • Remediate and Enhance: Experienced certified security experts, security program, policy and procedures design, services, tools and process implementation.
  • Execute and Monitor: SOX compliant privileged user monitoring; application and database access and management monitoring; Log Monitoring, Log Management; Vulnerability Management; and Security Device Management.
  • Demonstrate Compliance: Pre-defined SOX compliant and customizable reporting; secure evidence repository for all compliance related assessments, documents, policies, results, and reports; integrated ticketing of problems and incidents with assignment and tracking.

NTT Security has:

  • Broad experience meeting SOX compliance using the COSO framework.
  • A staff of experienced, certified security experts.
  • Proven security services.
  • Certified security experts (CISSP, CISA, CISM, GCIA, CSOA, QSA, HITRUST CSF and others).


| Compliance Activity | NTT Security Services / Capabilities | Regulatory Mapping |
|---|---|---|
| Assess and Measure Gaps | Technical Consulting | COSO from COBIT 4.1 |
| Remediation and Enhancement | Technical Consulting; authorized partner consulting services | 144 of the 469 COSO Security Controls |
| Execute and Monitor Security Program | Log Monitoring, Log Management; Vulnerability Management; Security Device Management and authorized partner consulting services | All 59 COSO Controls with technical requirements |
| Demonstrate Compliance | Evidence Log Vault; security and compliance reporting | All 23 COSO Controls with auditing and reporting requirements |

