SOX sets data protection standards for all US public company boards, management and accounting firms.
Does my organization need to be SOX compliant?
Since modern accounting systems are computer based, accurate financial reporting depends on reliable and secure computing environments. Since the implementation of the SOX Act of 2002, the responsibility for organization’s to accurately report and protect company data lands on the shoulders of senior management, including the potential for personal liability for CEOs and CFOs. The state goal of SOX: “To protect investors by improving the accuracy and reliability of corporate disclosures.”
What to know about the SOX Act:
For IT Managers and executives setting out high-level data security goals, compliance with SOX is an important ongoing concern. With this in mind, SOX regulations can be extremely beneficial in order to regulate and eliminate the threat of fines and other penalties. By becoming SOX compliant, smart companies use SOX as a framework for: auditing existing IT inefficiencies
-streamlining the auditing processes to increase productivity at reduced costs
-and most effectively respond in the event of a breach
Third-party compliance experts like MDS, or internal IT professionals need to understand and comply with SOX often within a short time frame with limited budgets. With MDS, we can assist in the creation of realistic compliance strategies that address the specific, necessary guidelines for SOX security protection requirements.
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Organizational Requirements, Policies & ProceduresA SOX Compliant Audit of a company’s internal controls must take place by an independent auditory once per year.
What You Need to Do - and How MDS Can Help:
The first thing to do when preparing your organization for SOX compliance is to understand which sections of the act have clear implications for data management, reporting and security, and what MDS can do to make you complaint. These sections are Section 302 and Section 404, and are broken down as follows:
Section 302 is related to a company’s financial reporting. The act requires a company’s CEO and CFO to personally certify that all records are complete and accurate. This means they must verify that they will be held personally accountable for all internal controls and that they have been reviewed within the past 90 days. Internal controls include a company’s internal infrastructure of all electronic accounting and reporting structure.
Section 404 stipulated further requirements for the monitoring and maintenance of internal controls related to a company’s accounting and financials. It requires businesses to have an annual audit of these controls by a third-party. The audit assesses the effectiveness of all internal controls and reports its finding directly back ot the SEC.
Note: What SOX compliance audit does not specifically mention information security, for practical purposes, an internal control is understood to be any type of protocol dealing with the infrastructure handing financial data electronically.
HIPAA Privacy Rule Assessment
Like with the HIPAA Security Rule, MDS assess your organization’s compliance posture through the design, implementation, and effectiveness of controls. When weak spots or deficiencies are noted, MDS provides comprehensive recommendations to assist with remediation efforts.
HIPAA Training, Workshops, and Consulting Services
MDS understands that each organization is unique and faces their own set of challenges. Our experts are available to consult with all HIPAA-related matters.
Building out and maintaining your IT ecosystem doesn’t have to be a do-it-yourself project. MDS can help identify network issues, configure devices, and optimize your infrastructure to maximize efficiency and performance. Our consultants are highly trained technology specialists that understand the complexities of multi-vendor environments and have the knowledge and skills to help your business become more agile, customer-focused and operationally efficient.