Sarbanes Oxley Compliance

Sarbanes-Oxley
Compliance Auditing Tools

The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.

Sarbanes-Oxley challenges the Information Technology function with requirements that impact day-to-day activities.

SOX compliance monitoring and auditing tools put in place the infrastructure needed by every enterprise that must comply with the requirements of this and other security mandates. Each of the components in this tool kit is easy to implement and meets the most stringent needs that you face.

  • Security Audit Program - Contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. The audit program is one that either an external or an internal auditor can use to validate the compliance of Information Technology and the enterprise with ISO 27000, Sarbanes-Oxley, HIPAA, and PCI-DSS.

    The results are posted to a 22-page Excel worksheet that graphically summarizes the strengths and weaknesses of the enterprise's security and its compliance with best security practices.

  • Job Descriptions - Director Sarbanes-Oxley Compliance and Manager Sarbanes-Oxley Compliance job descriptions.
     

Sarbanes Oxley Auditing News




Bank of America site goes down....

Bank of America was investigating an outage that affected an unknown number of customers but had ruled out a cyberattack, a representative said. Their disaster recovery plan was not activated.

"Our online-banking service is available," spokeswoman Anne Pace said in a telephone interview on Friday afternoon. "We ruled out a cyberattack, but are working with partners to determine the root cause."


Checks found the site down during the morning and afternoon, as late as 2:50 p.m. PST. Several people reported the outage to and Business Insider reported that the site was down most of the morning. Several others reported that they were able to get through to the site, although at least one said it was sluggish.

Bank of America's Twitter account was reporting that "Our Web site is available. However, some customers are having intermittent issues with access. We are working to determine the root cause."

One person reported that he discovered a work-around: "I tried going to the site via my mobile device, and it works! So then I typed the URL that my mobile device uses into my desktop browser, and I can get in. So it doesn't seem that the Web site, per se, is down, only the 'normal' entry portal?"




DR Plan tools defined in Janco DR Template

Your DR plan should be updated with tools that are collaborative in nature, enable teams and people to communicate remotely at any time, over any channel, and without dependency upon your IT infrastructure.

Emergency notification and communication technology should provide not only an automated solution for message delivery, but also:

  • Enable companies to reach end users and allow them to respond anytime and from anywhere.
  • Enable notification over any text enabled or voice enabled device (inbound/outbound).
  • Provide local and global notification capabilities.
  • Provide a centralized, interactive tool for executing your DR plan, monitoring tasks and enabling real time coordination of resources and status updates.

Many organizations' DR efforts fall short once initial notification has occurred. Rarely do organizations have a centralized method for employees, DR teams, executives, customers, etc., to access the DR Plan, task lists, or documents necessary to recovery efforts such as contracts and purchase orders. Prior to purchasing the Janco Disaster Recovery Plan Template, one large regional health care provider complained that once notification occurred, they were not able to coordinate the simplest of tasks. In a crisis situation, employees often have no method to stay apprised of information. Stories abound of disaster recovery teams that become occupied answering employee phone calls and basic questions about a crisis, and are unable to focus on their primary task: managing through a crisis to recovery.




How a CIO should choose a backup site

Disasters cost money, interrupt business operations and may cause the enterprise or government agency to fail, which makes planning a business continuity issue. Disasters can interfere with or even terminate IT and communications services. It does not matter whether the disaster affects the enterprise, government or service provider. Floods, fire, volcanoes, earthquakes and other events can destroy a primary and backup site if they are too close together.

Telecom service providers can offer expert advice on where to locate a backup facility and should position themselves with CIOs to offer both consulting and services. After all, they have experience planning for their own primary and backup facilities, as well.

A CIO's selection of the backup site location will always have risks and liabilities attached to the decision. Adequate and reliable communications to the backup site and communications between the primary and backup sites are what most service providers can successfully offer to the CIO.

      

In choosing a backup site, CIOs must first determine how big a disaster to plan for and budget for it. The level of disaster planning increases as you go down the following list:

  • Building closed/evacuated
  • Loss of power
  • Loss of communications
  • Facility damaged/destroyed
  • Community disaster (10-to-30 mile range)
  • Regional disaster (30-to-100 mile range)



Cloud backup as a strategy for Disaster Planning

One of the biggest challenges of managing a backup infrastructure is that no one wants the job. In large companies, the backup administrator position is an ever-revolving door often staffed with junior people. In smaller companies, backing up the infrastructure is a peripheral duty that is often ignored. The result is the same in both cases: bad backups.

One potential solution to this problem is cloud backup services - or managed backup services, depending on your preferred terminology. The idea is simple: Outsource this undesirable part of IT to a company whose staff specializes in it and you’ll never look back.


Cloud backup services take advantage of many of the technologies mentioned here, but allow customers to use the service without having to manage the process. Instead, customers simply install a piece of software on the systems being backed up, and the cloud backup service does the rest. But as with any backup system, make sure you have a way to verify that backups are working the way they’re supposed to be working.

The unglamorous world of backups is like the rest of IT: You never hear from anyone until something goes wrong. Modernizing your infrastructure, when planned and executed carefully, can reduce your liability dramatically. But as you make those improvements, remember the backup mantra: Test everything and believe nothing.




Backing up now much faster

Seagate Technology LLC today at the Consumer Electronics Show (CES) in Las Vegas released its first USB SuperSpeed 3.0-enabled external hard disk drive, the BlackArmor PS110, which has up to three times the performance of its previous USB 2.0 products.


The BlackArmor all-in-one USB 3.0 toolkit packages a 500GB 7200rpm, 2.5-inch portable hard drive, power cable and PC express card to enable USB 2.0-enabled laptops to perform with the 4.8Gbit/sec speed that USB 3.0 specifications allow.

While USB 3.0 theoretically represents a 10-fold improvement in I/O speed over USB 2.0, Seagate said the data speed of its BlackArmor USB 3.0 portable drive is based on "real-world testing." The SuperSpeed USB 3.0 interface allows transfer of large files to and from the external drive at sustained transfer rates of 100MB/sec.

For example, Seagate claims that a 25GB high-definition movie can be transferred in just four minutes on the BlackArmor USB 3.0 drive. That compares to the 14 minutes the transfer would take using a traditional USB 2.0 drive.
