Sarbanes Oxley Compliance

Sarbanes-Oxley
Compliance Auditing Tools

The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.

Sarbanes-Oxley challenges the Information Technology function with requirements that impact day-to-day activities.

SOX compliance monitoring and auditing tools put in place the infrastructure needed by every enterprise that must comply with the requirements of this and other security mandates. Each of the components in this tool kit is easy to implement and meets the most stringent needs that you face.

  • Security Audit Program - Contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. The audit program is one that either an external or internal auditor can use to validate the compliance of the Information Technology and the enterprise to ISO 27000, Sarbanes-Oxley, HIPAA, and PCI-DSS.

    The results are posted to a 22-page Excel worksheet that graphically summarizes the strengths and weaknesses of the enterprise's security and compliance to best security practices.

  • Job Descriptions - Director Sarbanes-Oxley Compliance and Manager Sarbanes-Oxley Compliance job descriptions.
     

Sarbanes Oxley Auditing News




Backup Strategy

Enterprise data protection and backup schemes range from the very simple to the very complex. In all but the simplest environments, you typically see a patchwork of software and hardware functionality layered together to prevent nearly any kind of data loss or corruption. Unfortunately, the technology deployed often defines the capabilities, rather than the business defining the capabilities that the technology must deliver. This is a dangerous trap to fall into -- both for you and for your organization.

Like an onion, a well-designed data protection scheme has many different layers, with functionality provided by different pieces of software and hardware. A wide range of technologies may come into play: SAN-to-SAN replication, SAN-provided storage snapshots, off-host backups, disk-to-disk backup, deduplication, virtual tape libraries, and server-based snapshots.




Security and DRP play a role in CIO Infrastructure Design

Designing IT Infrastructure requires CIOs to consider the globalized world they are now in. It is necessary and valuable for CIOs to understand the fundamental trends that are pushing businesses to redesign their operations around this new reality. Factors they need to consider are:

  • Security - With the growing importance of digital applications and data, the sources of threats to enterprise data have multiplied dramatically. Everything from natural disasters to criminals to corrupt sources within the company might try to steal or corrupt data. While businesses do everything that they can to stop these threats in the first place, they still must be prepared to recover from these threats as quickly as possible.
  • Business Continuity and Disaster Planning - As businesses have expanded, the need for anytime, anywhere application access has become a requirement. At the same time, “follow the sun” (global 24/7) operations have shrinking maintenance windows and a need for applications to be running at all times. Delay or loss of data for any reason – system failure, natural disasters – has a domino-like effect across the entire organization, at any time of the day or night.
  • Flexibility - Most businesses now operate across international borders and CIOs must be able to respond to opportunities and challenges faster than ever before. CIOs are usually battling well-resourced organizations that may be based where the opportunity originated, or another globalizing company that is reaching out for new opportunities. In order to compete, a business has to be faster to deliver a product or service as good, or better, than that of potentially any other company in the world.
  • Simplicity - Increases in technology have typically led to increased complexity. While per unit costs of technology are always decreasing, in aggregate companies see an increase in cost. With the pressure on IT to act less as a cost center and more as a way to increase the profitability of business units, just adding more storage, more bandwidth, or additional technologies throughout the organization is no longer an acceptable approach to managing information technology. Successful CIOs are investing in numerous technologies including continuous data protection, virtualization, and wireless connectivity. They are trying to slim down IT’s footprint while increasing their business’s competitive advantages. The CIO is typically in a difficult position, assessing where to try and cut costs while still moving forward with a plan to continually enhance IT services to the business.



Data De-duplication is a required tool for Disaster Planning

When it comes to backup and recovery, mid-market organizations are challenged to improve backup performance and reliability, manage costs, keep pace with capacity requirements, improve recovery performance and reliability and deal with tape media management. These requirements are driving deployment of disks with de-duplication in backup processes. But data de-duplication is only beginning to take hold in backup processes. For organizations employing tape-based backup strategies, use of de-duplication could enable disk-based protection while driving the cost of secondary disks closer to that of tape storage.



Bank of America site goes down....

Bank of America was investigating an outage that affected an unknown number of customers but had ruled out a cyberattack, a representative said. Their disaster recovery plan was not activated.

"Our online-banking service is available," spokeswoman Anne Pace said in a telephone interview on Friday afternoon. "We ruled out a cyberattack, but are working with partners to determine the root cause."


Checks  found the site down during the morning and afternoon, as late as 2:50 p.m. PST. Several people reported the outage to and Business Insider reported that the site was down most of the morning. Several others reported that they were able to get through to the site, although at least one said it was sluggish.

Bank of America's Twitter account was reporting that "Our Web site is available. However, some customers are having intermittent issues with access. We are working to determine the root cause."

One person reported that he discovered a work-around: "I tried going to the site via my mobile device, and it works! So then I typed the URL that my mobile device uses into my desktop browser, and I can get in. So it doesn't seem that the Web site, per se, is down, only the 'normal' entry portal?"




DR Plan tools defined in Janco DR Template

Your DR plan should be updated with tools that are collaborative in nature, enable teams and people to communicate remotely at any time, over any channel, and without dependency upon your IT infrastructure.

Emergency notification and communication technology should provide not only an automated solution for message delivery, but also:

  • Enable companies to reach end users and allow them to respond anytime and from anywhere.
  • Enable notification over any text enabled or voice enabled device (inbound/outbound).
  • Provide local and global notification capabilities.
  • Provide a centralized, interactive tool for executing your DR plan, monitoring tasks and enabling real time coordination of resources and status updates.

Many organizations' DR efforts fall short once initial notification has occurred. Rarely do organizations have a centralized method for employees, DR teams, executives, customers, etc., to access the DR Plan, task lists, or documents necessary to recovery efforts such as contracts and purchase orders. Prior to purchasing the Janco Disaster Recovery Plan Template, one large regional health care provider complained that once notification occurred, they were not able to coordinate the simplest of tasks. In a crisis situation, employees often have no method to stay apprised of information. Stories abound of disaster recovery teams that become occupied answering employee phone calls and answering basic questions about a crisis, and are unable to focus on their primary task - managing through a crisis to recovery.
