Standard Regulatory Act



Standard Regulatory Bodies and Acts
Sarbanes-Oxley Act

The act, referred to as Sarbanes-Oxley
(commonly abbreviated as SOX), was signed
into law in 2002. Its purpose is to give all
stakeholders more confidence in the handling of
financial data by putting controls in place to
ensure the confidentiality and integrity of
financial data.

The key part of the SOX Act for developers is
Section 404, titled "Management assessment of
internal controls."
This section requires management to take
responsibility for the integrity of financial
information by evaluating IT systems and
processes and producing evidence that the
company has done a reasonable job of keeping
sensitive information safe.
While SOX doesn't address IT directly, its
implications for IT are huge, given that most
financial data in an organization flows through
computerized information systems and the code
that you write.
The key part of the SOX Act for developers (continued)
Section 302 of the SOX Act requires that the CEO (together
with the CFO) issue periodic statements certifying that adequate
internal controls are in place over the organization's financial
and customer data.
Ignorance of a vulnerable system is no longer a defence
because top executives now have to attest that proper controls
are in place.
The act also imposes stiff penalties for misrepresenting the
state of controls and holds not just the organization but the
certifying executives personally accountable, which is why that
responsibility is pushed down to the teams, including developers,
who build and operate the systems.
To be SOX compliant, companies must have regular external
audits that assess the controls in place to ensure that
financial data is accurate and unaltered.
Implication: SOX has driven significant spending on IT and IT
security.
Summary of specific requirements for Database Systems
Data:
Cannot be altered by unauthorized individuals.
Cannot be viewed by unauthorized individuals.
Is available when needed by authorized individuals.
It also requires that any material changes to IT
infrastructure that touch this data are documented
and reported immediately to management.


Examples of relevant standards bodies
A commonly used framework to help
developers comply with the needs of SOX is
COBIT (Control Objectives for Information
and Related Technologies). This is an open
standard published by the IT Governance
Institute and the Information Systems
Audit and Control Association (ISACA).

The Payment Card Industry Data Security
Standard (PCI DSS), maintained by the PCI
Security Standards Council, is another example.

Tasks: Research the following
bodies and write a half-page
report on their activities:
IT Governance Institute and the
Information Systems Audit and Control
Association (ISACA)

Payment Card Industry Data Security
Standard (PCI DSS)
