Monitoring for SOX compliance cost-effectively requires leveraging existing investments in applications and databases while having a comprehensive, integrated view of security compliance that ties controls back to business practices. Companies must be able to provide the necessary audit trail of configuration control, access and change.
Publicly traded U.S. corporations must maintain compliance with the security provisions of the Sarbanes-Oxley Act of 2002 (SOX). Companies subject to SOX must monitor their environments and prove compliance with the guidance found in the control framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Solutionary services help publicly traded companies with:
|Assess and Measure Gaps||COSO assessment methodology performed by experienced certified security experts applied to SOX provisions; prioritized and actionable recommendations; peer benchmarking.|
|Remediate and Enhance||Experienced certified security experts, security program, policy and procedures design, services, tools and process implementation.|
|Execute and Monitor||SOX compliant privileged user monitoring; application and database access and management monitoring; Log Monitoring, Log Management; Vulnerability Management; and Security Device Management.|
|Demonstrate Compliance||Pre-defined SOX compliant and customizable reporting; secure evidence repository for all compliance related assessments, documents, policies, results, and reports; integrated ticketing of problems and incidents with assignment and tracking.|
|Compliance Activity||Solutionary Services / Capabilities||Regulatory Mapping|
|Assess and Measure Gaps||Professional Security Services||COSO from COBIT 4.1|
|Remediation and Enhancement||Professional Security Services; authorized partner consulting services||144 of the 469 COSO Security Controls|
|Execute and Monitor Security Program||Log Monitoring, Log Management; Vulnerability Management; Security Device Management and authorized partner consulting services||All 59 COSO Controls with technical requirements|
|Demonstrate Compliance||Evidence Log Vault; security and compliance reporting||All 23 COSO Controls with auditing and reporting requirements|