Enterprises have an enterprise-wide security policy;
Enterprises have an enterprise-wide classification of data for security, risk, and business impact;
Enterprises have security-related standards and procedures;
Enterprises have formal security-based documentation, auditing, and testing in place;
Enterprises enforce separation of duties; and
Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
SOX adopted the COSO model of controls, which is the same model that SAS 70 audits have utilized since inception. SOX heightened the focus placed on understanding the controls over financial reporting and identified a type II SAS 70 report as the only acceptable method of obtaining third-party assurance regarding the controls at a service organization. Security "certifications" are excluded as acceptable substitutes for a type II SAS 70 audit report.
In addition, the ISO 27000 standard is used in SAS 70 reports. The Security Manual Template contains an ISO 27000 Security Process Audit Checklist. These two items directly address a service organization's description of its controls, and the auditor can use them in evaluating the service organization's control framework.
Preparation for Disaster Recovery / Business Continuation in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that, in the event of a SOX audit, the auditors clearly see that the DR plan exists and will appropriately protect the data.
To meet these needs the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:
Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
Safety Program Template (all editions);
Disaster Recovery Template (all editions);
Outsourcing guide, updated to reflect what your vendors need to do (all editions);
Software tool to monitor key data files (all editions);
Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
IT Service Management Template (Platinum Edition), which includes:
    Service Request Policy and Standard
    Help Desk Policy, Procedure, Standard, and Service Level Agreement
    Change Control Standard, Quality Assurance Standard, and Management Workbook
    Documentation Standard
    Version Control Policy and Standard
    Sensitive Information Standard
    Blog and Personal Web Site Policy
    Travel and Off-Site Meetings Security Policy
    Internet, e-mail and electronic communication Policy
See the table below (x = included in that edition).

| Component | Standard | Silver | Gold | Platinum |
|---|---|---|---|---|
| Security Manual Template | x | x | x | x |
| Threat & Vulnerability Assessment Tool | x | x | x | x |
| Business & IT Impact Questionnaire Risk Assessment Tool | x | x | x | x |
| Safety Program Template | x | x | x | x |
| Outsourcing guide | x | x | x | x |
| DiskMonitor (Desktop) | x | x | x | x |
| Internet and IT Job Descriptions (PDF Format) | | x | x | x |
| Internet and IT Job Descriptions (Word Format) | | | x | x |
| Internet and IT Job Description HandiGuide (PDF Format) | | | | x |
| Service Request Policy and Standard | | | | x |
| Help Desk Policy, Procedure, Standard, and Service Level Agreement | | | | x |
| Change Control Standard, Quality Assurance Standard, and Management Workbook | | | | x |
| Documentation Standard | | | | x |
| Version Control Policy and Standard | | | | x |
| Sensitive Information Standard | | | | x |
| Blog and Personal Web Site Policy | | | | x |
| Travel and Off-Site Meetings Security Policy | | | | x |
| Internet, e-mail and electronic communication Policy | | | | x |
Security Manual
The plan is over 215 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for your security plan.
Disaster Recovery Plan (DRP)
This Disaster Recovery Plan (DRP) can be used as a template for any enterprise. The DRP is sent to you via e-mail in Word and/or PDF format. Included is a 13-page Business Impact Questionnaire as well as a 3-page Job Description for the Disaster Recovery Manager.
IT Job Descriptions
The 192 Internet and IT Position Descriptions are in Word for Windows format. They include positions from CIO and CTO to Wireless and Metrics Managers.
IT Service Management Template
The IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms to ITIL.
Practical Guide for IT Outsourcing
The guide is 91 packed pages and includes everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise.
Safety Program Template
The Safety Program is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirements. The Safety Program was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).
DiskMonitor
Network Administrators, DRP Coordinators, and Security Managers can use DiskMonitor (DSM) to view drive and folder usage. Local drives as well as network shares are supported; UNC paths and Drive$ shares are supported as well.