Find out which COBIT principles you can address with Netwrix Auditor to achieve compliance with SOX
The Sarbanes-Oxley (SOX) Act was enacted in 2002 to enhance corporate responsibility, require financial disclosure, and combat corporate and accounting fraud. All public companies in the U.S., without exception, are subject to SOX compliance, including overseas operations of U.S. public companies and international companies listed on U.S. exchanges. SOX requires them to ensure internal control over financial reporting, while giving public companies the flexibility to select the “recognized control framework” of their choice. One such framework is COBIT, which is focused on governance of enterprise information technology; it is aligned with another common framework, COSO, which provides more general guidance on internal control over financial reporting. These frameworks are more effective in tandem, since COBIT complements COSO in the area of IT controls required to be SOX compliant. The SOX compliance software solution from Netwrix supports the following COBIT principles:
APO12 Manage Risk
- APO12.01 Collect data
- APO12.02 Analyze risk
- APO12.06 Respond to risk
APO13 Manage Security
- APO13.01 Establish and maintain an ISMS
BAI10 Manage Configuration
- BAI10.02 Establish and maintain a configuration repository and baseline
- BAI10.04 Produce status and configuration reports
DSS01 Manage Operations
- DSS01.03 Monitor IT infrastructure
DSS02 Manage Service Requests and Incidents
- DSS02.04 Investigate, diagnose and allocate incidents
- DSS02.05 Resolve and recover from incidents
DSS05 Manage Security Services
- DSS05.04 Manage user identity and logical access
- DSS05.07 Monitor the infrastructure for security-related events
Learn more about how Netwrix Auditor can help you implement the COBIT framework and support your SOX compliance management program.
Depending on the configuration of your IT systems, your internal procedures, the nature of your business and other factors, Netwrix Auditor might also facilitate implementation of COBIT processes and practices not listed above.
See exactly how Netwrix Auditor helps you establish the controls required for SOX compliance
Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments. The platform provides security intelligence to identify security holes, detect anomalies in user behavior and investigate suspicious activities in time to prevent critical issues that can affect your data security. Unlike many of the SOX compliance tools on the market, it delivers enterprise-wide visibility and provides the evidence required to prove you have internal controls that ensure the security of information systems and sensitive data — both on premises and in the cloud.
Demonstrate a proactive approach to identification and remediation of IT security gaps
Leverage IT Risk Assessment reports to strengthen your enterprise risk management practices. Identify security holes in three key areas of your IT environment — account management, security permissions and data governance — and use the security intelligence provided to reduce risks to data security.
Ensure that only eligible users have access to financial applications and data
Regularly monitor the groups that have access to your important financial data and applications. Ensure that the design and membership of these security groups are in line with your compliance audit management program. Delete accounts with a “disabled” status in a timely manner, and avoid tangled group nesting.
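The group-hygiene checks described above (disabled accounts that still hold access, and tangled group nesting) can be expressed as a review over a directory snapshot. The following is an added example, not Netwrix code or a Netwrix data format: it expands nested group membership for one group, reports every account that has effective access and the chain of groups granting it, and flags disabled accounts, unknown members, circular nesting and the maximum nesting depth. The account and group names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Account:
    name: str
    enabled: bool


@dataclass
class Group:
    name: str
    members: list  # names of accounts or of other groups


# Constructed sample snapshot (hypothetical names, not from any real directory).
ACCOUNTS = {
    "alice": Account("alice", True),
    "bob": Account("bob", False),    # disabled, but still a direct member
    "carol": Account("carol", True),
    "dave": Account("dave", False),  # disabled, reachable only through nesting
}
GROUPS = {
    "Finance-GL-Write": Group("Finance-GL-Write", ["alice", "bob", "Finance-Admins"]),
    "Finance-Admins": Group("Finance-Admins", ["carol", "IT-Ops"]),
    "IT-Ops": Group("IT-Ops", ["dave", "Finance-Admins"]),  # nests back: a cycle
}


def review_group(group_name, groups=GROUPS, accounts=ACCOUNTS):
    """Expand nested membership of one group and collect hygiene findings.

    Returns a dict with:
      effective      - account -> chain of groups through which access is granted
      disabled       - effective members whose account is disabled
      unknown        - member names that resolve to neither an account nor a group
      cycles         - group chains that loop back on themselves
      nesting_depth  - longest group chain needed to reach any account
    """
    effective, unknown, cycles = {}, [], []

    def walk(name, path):
        if name in path:  # we have already passed through this group: circular nesting
            cycles.append(" -> ".join(path + [name]))
            return
        chain = path + [name]
        for member in groups[name].members:
            if member in groups:
                walk(member, chain)
            elif member in accounts:
                effective.setdefault(member, chain)  # keep the shortest chain found first
            else:
                unknown.append(member)

    walk(group_name, [])
    disabled = sorted(a for a in effective if not accounts[a].enabled)
    depth = max((len(chain) for chain in effective.values()), default=0)
    return {
        "effective": effective,
        "disabled": disabled,
        "unknown": sorted(unknown),
        "cycles": cycles,
        "nesting_depth": depth,
    }


def is_clean(result, max_nesting=2):
    """True only when no disabled or unknown members, no cycles, and nesting within limit."""
    return (not result["disabled"] and not result["unknown"]
            and not result["cycles"] and result["nesting_depth"] <= max_nesting)


if __name__ == "__main__":
    report = review_group("Finance-GL-Write")
    for account, chain in report["effective"].items():
        print(f"{account:8s} via {' -> '.join(chain)}")
    print("disabled:", report["disabled"])
    print("cycles:", report["cycles"])
    print("nesting depth:", report["nesting_depth"], "clean:", is_clean(report))
```

Running the block against the constructed snapshot shows why both checks matter together: `bob` is a disabled direct member, but `dave` is disabled and only reachable three groups deep, and the `IT-Ops` to `Finance-Admins` loop is exactly the kind of tangled nesting that makes such access hard to see in a plain membership listing.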
Stay on top of all access to your financial records
Get an automated notification any time someone accesses a database that contains financial records, so you can respond quickly to any suspicious access and prevent improper alteration of financial data. Alerts like this improve the efficiency of your incident detection processes.
Prove to auditors that you have control over user activity in your financial applications
Implementation of video recording can help you keep business users who deal with accounting software under close surveillance and hold them accountable for their actions. It also gives you the evidence you need to prove the integrity of your financial reporting.
Quickly find answers to unexpected questions from auditors
Quickly provide answers to specific questions from auditors, such as how the membership of privileged groups changed during the past year and who made the changes, and demonstrate that you manage privileged access properly.
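Answering "how did privileged group membership change over the past year, and who made the changes" requires a change log that records the group, the member, the action and the actor, plus a query that restricts it to privileged groups and a time window. The following is an added example, not Netwrix code and not Netwrix's log format: it parses a constructed CSV change log, keeps only changes to a configured set of privileged groups within the last 365 days of a given reference time, and summarizes additions, removals and actors per group. Group, member and actor names are constructed for illustration.

```python
import csv
from datetime import datetime, timedelta, timezone
from io import StringIO

# Groups treated as privileged for this review (assumed list, adjust to your environment).
PRIVILEGED_GROUPS = {"Domain Admins", "Finance-Admins"}

# Constructed sample change log: one membership change per line.
SAMPLE_LOG = """\
timestamp,action,group,member,actor
2023-01-10T09:00:00Z,added,Domain Admins,svc-backup,it-admin1
2023-09-02T14:30:00Z,added,Finance-Admins,jsmith,it-admin2
2023-11-15T08:45:00Z,removed,Finance-Admins,jsmith,it-admin2
2024-02-20T16:05:00Z,added,Domain Admins,contractor7,it-admin1
2024-03-01T11:20:00Z,added,Sales-Readers,pjones,helpdesk1
"""


def parse_timestamp(text):
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def privileged_changes(log_text, now, window_days=365, privileged=PRIVILEGED_GROUPS):
    """Return the change records for privileged groups within the review window."""
    cutoff = now - timedelta(days=window_days)
    selected = []
    for row in csv.DictReader(StringIO(log_text)):
        ts = parse_timestamp(row["timestamp"])
        if ts < cutoff or row["group"] not in privileged:
            continue
        if row["action"] not in ("added", "removed"):
            raise ValueError(f"unexpected action {row['action']!r} in change log")
        selected.append({**row, "timestamp": ts})
    return selected


def summarize(changes):
    """Group the selected changes: who was added or removed, and which actors did it."""
    summary = {}
    for change in changes:
        entry = summary.setdefault(change["group"],
                                   {"added": [], "removed": [], "actors": set()})
        entry[change["action"]].append(change["member"])
        entry["actors"].add(change["actor"])
    return summary


if __name__ == "__main__":
    # Fixed reference time so the example is reproducible; use datetime.now(timezone.utc) in practice.
    reference = datetime(2024, 4, 1, tzinfo=timezone.utc)
    report = summarize(privileged_changes(SAMPLE_LOG, reference))
    for group, entry in sorted(report.items()):
        print(f"{group}: added={entry['added']} removed={entry['removed']} "
              f"by={sorted(entry['actors'])}")
```

With the reference time of 2024-04-01 the first line falls outside the one-year window and the `Sales-Readers` change is not a privileged group, so the summary contains only the three relevant changes, each attributed to the actor who made it. That attribution is what lets the report answer the auditor's second question (who made the changes) rather than only the first.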