Sarbanes-Oxley Compliance (SOX)

The Sarbanes-Oxley Act (SOX)
One of the most famous regulatory compliance standards is the Sarbanes-Oxley Act. The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The regulatory compliance standard is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long. Implementers can get up-to-date information regarding the Sarbanes-Oxley Act of 2002 from the US Securities and Exchange Commission of Pakistan. The Sarbanes-Oxley Act of 2002 sets a number of rules on the corporate governance and responsibilities of public companies. Accordingly, the Securities and Exchange Commission has set compliance deadlines of 15th June 2004 for corporations with a total turnover of $75 million yearly and 15th April 2005 for smaller companies.

The Sarbanes-Oxley Act places more emphasis on reporting obligations for senior executives, auditors and securities analysts. The essence of this act is to ensure the CIA (confidentiality, integrity and availability) of financial data. This is present in the following:

  • Section 103 - Auditing, Quality Control, And Independence Standards and Rules
    Requires maintenance of all audit-related records (including electronic) for 7 years.

  • Section 302 - Corporate Responsibility For Financial Reports
    Requires CEO and CFO to certify the accuracy of corporate financial reports.

  • Section 404 - Management Assessment Of Internal Controls
    Requires CEO, CFO and auditors to confirm the effectiveness of internal controls for financial reporting.

  • Section 409 - Real Time Disclosure
    Requires disclosure of any significant changes in the financial state of the issuer "on a rapid and current basis."

  • Section 802 - Criminal Penalties For Altering Documents
    Requires retention and protection of audit and related documents, including electronic records.

  • Section 906 - Corporate Responsibility For Financial Reports
    Requires CEO and CFO to certify the accuracy of corporate financial reports.

Secure Auditor™, a network-based security auditing tool, applies distinct methodologies to explore vulnerabilities in different operational systems, especially in finding application layer security vulnerabilities like deletion, modification and access control within the database.

Secure Auditor™ plays an important role in compliance with the Sarbanes-Oxley Act by providing detailed and in-depth reports of vulnerabilities which could be exploited to gain access to the critical information stored on the network, hence mitigating the risk of attack.

Section 404 of this act, entitled "Management Assessment of Internal Control", deals with the responsibility of the company's management to maintain an internal control structure for financial data and reporting, and to perform regular audits on this system. Secure Ora Auditor™ will go a long way in compliance with this Act, as it is explicitly programmed to assess vulnerabilities and present a detailed report on application layer security vulnerabilities which could be exploited for gaining access to the database servers.

The Act mandated a number of reforms to enhance corporate responsibility, enhance financial disclosures and combat corporate and accounting fraud, and created the "Public Company Accounting Oversight Board," also known as the PCAOB, to oversee the activities of the auditing profession.
The full text of the Act is available at:

Secure Auditor SOX Compliance Statement.