Sarbanes-Oxley and Security

Sarbanes-Oxley and Security

Since its passage, the Sarbanes-Oxley Act of 2002 (SOX) has engendered spirited debate over the law's implications for corporate information practices, IT financial reporting, and corporate IT security, especially with respect to the internal control provisions of Section 404. A legal review commissioned by the Cyber Security Industry Alliance (CSIA) concluded that compliance with Section 404 requires publicly traded companies to employ information security to the extent necessary to ensure the effectiveness of internal controls for financial reporting.

In reaching this conclusion, it is recognized that, given the size and complexity of IT systems and networks in most publicly traded companies, the statutory and administrative materials governing Section 404 may still lack the detail and specificity regarding IT governance and security that management and auditors need to guide their compliance efforts.

Companies are now recognizing the necessity of addressing IT issues relating to SOX compliance, including proper policies for management of IT applications, data, and access to data.  Businesses need to archive electronic communications to meet compliance. Access to reporting tools must be established.  Security procedures must be established for data and reporting access.

Our professionals with security and SOX experience are able to provide advice in the preparations for audits and provide expertise in establishing appropriate policies and procedures in several key functional areas:

IT security

Financial reporting controls

Data center controls

IT service levels

Change management procedures

Email compliance

We can help you establish user access to applications, reporting, and data, as well as create reports that will meet audit requirements.


In today’s real-time, internet based, highly networked computing environment, security is a key topic for all IT managers.  In addition to protecting the network from external security threats, such as hackers and intruders, there are expanding needs to establish the security authorization level (trusted, privileged) and access for each user in several areas of the IT infrastructure.  Security and access by user must be defined for each level of the IT operations, including security for data, the applications, and the network.  Our consultants are knowledgeable and able to establish security policies and recommendations relative to these various dimensions of the IT operations and to help identify any gaps that may be a risk.

Data Security

Businesses must implement log monitoring as well as data replication and email archival to meet regulations.  Some databases offer data encryption for additional protection.  Our professionals are versed in how to establish data security to meet these regulations.  

Application and network Security

Businesses need to establish base-line levels of operation for applications and the network, and monitor systems for unusual levels of activity, typically with an IT management/network management software solution.Further, many businesses have implemented methods to detect malicious software and viruses. Our consultants can team with your IT professionals to define appropriate controls.

Risk Assessment & Management

At Strategic IT Services, our consultants can work with you to evaluate your risk of non-compliance with Sarbanes-Oxley, your exposure, and assist you in the development of appropriate plans to mitigate any risk and help you meet audit requirements.

Client Services
For Information Technology Consulting Consulting/Contract/Contract-to-hire
Process Management
  • Project Management, Business     Analysis, Implementation Analysis     and QA
  • Technical Writing
  • Sarbanes-Oxley and Security
ERP Solutions
  • ERP (SAP, Oracle/PeopleSoft)
  • SCM, PLM and CRM
Application Development
  • Web Portals and E-Commerce
  • Programming (.Net, Java, C#, VB, C++)
Data Management
  • Data Warehousing (SAP BW, Cognos,     Business Objects)
  • Database Administration(Oracle, SQL     Server, DB2)
Operations and Infrastructure
  • Networking (Cisco, WANs, Firewalls)
  • Messaging (Exchange, Lotus Notes)
  • Infrastructure and Data Center
  • Help Desk and Desktop Support
For Technology Staffing          Strategic Careers®

Client Contact Form

* Name:
* Tel:
* Email:
* Required Fields

Strategic IT Services              713-228-8000              Info@StrategicITServices.com              Strategic Careers®

   Strategic Careers on LinkedIn                 Legal        Site Map        Disclaimer                       LinkedIn

Copyright © 2006, Strategic IT Services Inc.