Sarbanes Oxley Compliance

Sarbanes-Oxley Compliance Kit

Mandated regulations impact IT

Order SOX compliance kitDownload Table of Contents

The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.

Sarbanes-Oxley Section 404 requires that:

  • Enterprises have an enterprise wide security policy;
  • Enterprises have enterprise wide classification of data for security, risk, and business impact;
  • Enterprises have security related standards and procedures;
  • Enterprises have formal security based documentation, auditing, and testing in place;
  • Enterprise enforce separation of duties; and
  • Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.

SOX adopted the COSO model of controls, which is the same model that SAS 70 audits have utilized since inception. SOX heightened the focus placed on understanding the controls over financial reporting and identified a type II SAS 70 report as the only acceptable method of obtaining third-party assurance regarding the controls at a service organization. Security "certifications" are excluded as acceptable substitutes for a type II SAS 70 audit report.

In addition the ISO 27000 standard is used in SAS 70 reports. The Security Manual Template contains an ISO 27000 Security Process Audit Checklist. These two items directly address a service organization's descriptions of controls. The auditor can use these to help them in the evaluation of the service organization's control framework.

Preparation for Disaster Recovery / Business continuation in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the DR plan exists and will appropriately protect the data.

To meet these needs the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum) contains:

  • Security Policies (all editions);
  • Threat & Vulnerability Assessment Tool (all editions);
  • Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
  • Safety Program Template (all editions);
  • Disaster Recovery Template (all editions);
  • Outsourcing guide update to reflect what you vendors need to do (all editions);
  • Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions) and;
  • IT Service Management Template (Platinum Edition) includes
    • Service Request Policy and Standard
    • Help Desk Policy, Procedure, Standard, and Service Level Agreement
    • Change Control Standard, Quality Assurance Standard, and Management Workbook
    • Documentation Standard
    • Version Control Policy and Standard
    • Sensitive Information Standard
    • Blog and Personal Web Site Policy
    • Travel and Off-Site Meetings Security Policy
    • Internet, e-mail and electronic communication Policy

See Table Below for a summary of the contents of each of the versions of the Sarbanes-Oxley Compliance kit

Order SOX compliance kitDownload Table of Contents

Sarbanes-Oxley Compliance Resource Kit - Standard

  • Sarbanes-Oxley Compliance Summary
  • Security Manual Template
  • Sensitive Information Policy Template
  • Disaster Recover - Business Continuity Template
  • Safety Manual Template
  • Threat & Vulnerability Assessment Tool
  • Business & IT Impact Questionnaire
  • Practical Guide for IT Outsourcing Template
  • Job Description for Chief Security Officer (CSO)

Update Service is avaiilable

Sarbanes-Oxley Compliance Resource Kit - Silver

  • Sarbanes-Oxley Compliance Summary
  • Security Manual Template
  • Sensitive Information Policy Template
  • Disaster Recover - Business Continuity Template
  • Safety Manual Template
  • Threat & Vulnerability Assessment Tool
  • Business & IT Impact Questionnaire
  • Practical Guide for IT Outsourcing Template
  • Job Description for Chief Security Officer (CSO)
  • Internet and IT Job Descriptions HandiGuide PDF format

Update Service is avaiilable

Sarbanes-Oxley Compliance Resource Kit - Gold

  • Sarbanes-Oxley Compliance Summary
  • Security Manual Template
  • Sensitive Information Policy Template
  • Disaster Recover - Business Continuity Template
  • Safety Manual Template
  • Threat & Vulnerability Assessment Tool
  • Business & IT Impact Questionnaire
  • Practical Guide for IT Outsourcing Template
  • Job Description for Chief Security Officer (CSO)
  • Internet and IT Job Descriptions HandiGuide PDF format
  • Internet and IT Job Description - 260 individual Microsoft WORD files

Update Service is avaiilable

Sarbanes-Oxley Compliance Resource Kit - Platinum

  • Sarbanes-Oxley Compliance Summary
  • Security Manual Template
  • Sensitive Information Policy Template
  • Disaster Recover - Business Continuity Template
  • Safety Manual Template
  • Threat & Vulnerability Assessment Tool
  • Business & IT Impact Questionnaire
  • Practical Guide for IT Outsourcing Template
  • Job Description for Chief Security Officer (CSO)
  • Internet and IT Job Descriptions HandiGuide PDF format
  • Internet and IT Job Description - 260 individual Microsoft WORD files
  • IT Service Management Template

Update Service is avaiilable

Order SOX compliance kitDownload Table of Contents

Download Table of Contentes and Order Componets of SOX Kit

Once you get to the download page just bookmark it and you will be able download all of the components without having to re-register.

Security Manual Template

Security Template The plan is over 200 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.

Order Security ManualDownload Security Table of Contents

Sensitive Information Policy Template

Sensitive Information PolicyThis policy is easily modified and defines how to treat Credit Card, Social Security, Employee, and Customer Data. The template is 34 pages in length and complies with Sarbanes Oxley Section 404, ISO 27000 (17799), and HIPAA. The PCI Audit Program that is included is an additional 50 plus pages in length.

Order Sensitive Information PolicyDownload Selected PagesDownload Selected Pages

Disaster Recovery Plan (DRP)

Disaster Recovery Planning TemplateThis Disaster Recovery Plan (DRP) can be used as a template for any enterprise. DRP is sent to you via e-mail in WORD and/or PDF format. Included is a 13 page Business Impact Questionnaire as well as a 3 page Job Description for the Disaster Recovery Manager.

Order DRP BCP TemplateDownload DRP BCP Selected Pages

IT Service Management Template

IT Service Management ITSM ITILThe IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. ITSM template also contains several easy to implement forms and conforms with ITIL.

Order ITSM TemplateDownload sample ITSM

Safety Program Template

Safety Program TemplateSafety Program is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirement. The Safety reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).

Order Safety ProgramDownload Selected Pages safety program

Business and IT Impact Questionnaire

Risk AssessmentThis Business and IT Impact Analysis Questionnaire has been designed by one of Industry's most experienced application assessment consultants. This Questionnaire has been used in over 500 assessment, DRP and business impact projects in the past four years. Included is a Risk Ranking definition.

Order BIA QuestionnaireBIA Questionnaire Download Selected Pages

Practical Guide for IT Outsourcing

Practical Guide IT OursourcingThe guide is 91 packed pages and includes everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise.

IT Job Descriptions

IT Job DescriptionsYou can get either the HandiGuide in PDF format, the Microsoft Word files, or both.

The Internet and IT Position Descriptions in the WORD version comes as individual files in .docx format. Includes positions from CIO and CTO to Wireless and Metrics Managers.

Order IT Job DescriptionSample job descriptionDownload Selected IT Job Descriptions