In the wake of the accounting scandals at Enron and other organizations, there was a public outcry among shareholders for corporate responsibility and financial accountability. The Sarbanes-Oxley Act of 2002 (SOX) was passed in response to the failure of public companies to establish effective internal controls: the set of policies, procedures, and activities that set the tone for effective corporate governance. Internal controls are required for reliable financial reporting and transparency, and in keeping up with the times, a proposed new bill, the 'Cybersecurity Systems and Risks Reporting Act', would amend SOX to apply to cybersecurity systems the same stringent requirements that presently apply to financial reporting.
SOX has several provisions, two of which currently relate to information and cybersecurity systems. Section 302 requires corporate responsibility for both financial reporting and the strengthening of information systems. Section 404 requires adequate internal control and cybersecurity structures and procedures for both financial and information systems reporting.
Non-compliance with the provisions laid down in SOX can lead to heavy fines and imprisonment. At GRM, we will conduct a detailed gap analysis to determine your current level of compliance and outline the steps needed to achieve full compliance with SOX. This includes a comprehensive assessment of your network and security infrastructure, data flow analysis, and configuration reviews of different system components. We will also conduct interviews with key staff members to determine if there are any edge cases that need to be considered.
Our compliance and security experts will then offer detailed guidance to bring your systems into compliance with the information systems and cybersecurity provisions outlined in SOX. This includes installing and maintaining properly configured firewalls; ensuring that data at rest and in transit is made unintelligible through encryption; and implementing a robust vulnerability management program that includes measures to harden the IT environment against malware attacks. We will also help you implement strong access control measures so that exposure to sensitive data is limited, on a need-to-know basis, to users who have been authenticated. Our team will work with you to set up a security operations center that monitors and tracks access to network resources and sensitive data, allowing you to detect and assess any possible fraudulent activity in the organization. We will also carry out vulnerability assessments and penetration testing periodically, and whenever there is a significant change to the system, to uncover vulnerabilities and preempt risks.
As your consultant, we consider it our mandate to define a comprehensive information systems infrastructure, covering people, processes, and technology, that will help your organization adapt to changes in the threat environment, so that risks to your business are mitigated and your information systems are resilient to cyber attacks. We will provide detailed documentation of policies, procedures, and technical and physical controls so as to meet compliance requirements and mitigate risks to your business and data.
Our team will carry out extensive training and internal audits to set you up for success. We believe compliance is a continuous process, and with GRM Technologies by your side, you can rest assured that we will help you achieve and maintain your SOX compliance and establish the necessary cybersecurity controls to preserve the confidentiality, integrity, and availability of your data.
Copyright © 2024 GRM Technologies Pvt. Ltd. All Rights Reserved.