The "Sarbanes-Oxley Compliance Kit - Mandated Regulations Impact IT - Platinum Edition" report has been added to Research and Markets' offering.

The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption and cost.

The Sarbanes Oxley Compliance Resource Kit Platinum Edition includes the following components: Security Manual Template, Sensitive Information Policy, Disaster Recovery Template, Safety Manual Template, Threat & Vulnerability Assessment Tool, Business & IT Impact Questionnaire, Practical Guide for IT Outsourcing, Chief Security Officer Job Description, Internet and IT Job Descriptions HandiGuide PDF, Internet and IT Job Descriptions - Individual editable MS WORD files for all job descriptions in the HandiGuide, and IT Service Management Template - includes change control and help desk.

Sarbanes-Oxley Section 404 requires that:

  • Enterprises have an enterprise wide security policy;
  • Enterprises have enterprise wide classification of data for security, risk, and business impact;
  • Enterprises have security related standards and procedures;
  • Enterprises have formal security based documentation, auditing, and testing in place;
  • Enterprise enforce separation of duties; and
  • Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.

SOX adopted the COSO model of controls, which is the same model that SAS 70 audits have utilized since inception. SOX heightened the focus placed on understanding the controls over financial reporting and identified a type II SAS 70 report as the only acceptable method of obtaining third-party assurance regarding the controls at a service organization. Security "certifications" are excluded as acceptable substitutes for a type II SAS 70 audit report.

In addition the ISO 27000 standard is used in SAS 70 reports. The Security Manual Template contains an ISO 27000 Security Process Audit Checklist. These two items directly address a service organization's descriptions of controls. The auditor can use these to help them in the evaluation of the service organization's control framework.

Preparation for Disaster Recovery/Business continuation in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the DR plan exists and will appropriately protect the data.

To meet these needs the Sarbanes Oxley Compliance Resource Kit contains:

  • Security Policies
  • Threat & Vulnerability Assessment Tool
  • Business & IT Impact Questionnaire Risk Assessment Tool
  • Safety Program Template
  • Disaster Recovery Template
  • Outsourcing guide update to reflect what you vendors need to do
  • Internet and IT Job Descriptions
  • IT Service Management Template
  • Service Request Policy and Standard
  • Help Desk Policy, Procedure, Standard, and Service Level Agreement
  • Change Control Standard, Quality Assurance Standard, and Management Workbook
  • Documentation Standard
  • Version Control Policy and Standard
  • Sensitive Information Standard
  • Blog and Personal Web Site Policy
  • Travel and Off-Site Meetings Security Policy
  • Internet, e-mail and electronic communication Policy

For more information about this report visit https://www.researchandmarkets.com/research/dwrkrm/sarbanesoxley?w=4