FairWarning Mapping to SOX

April 12, 2019

After a slew of major corporate and accounting scandals in the U.S., the government enacted the Sarbanes-Oxley Act of 2002 (SOX). The Act has 11 sections; the two most important for security and compliance are Sections 302 and 404, which deal with internal controls.

The tricky part is the mechanism for compliance: SOX does not mandate a control framework for abiding by its rules. Instead, it requires "management to base its evaluation of the effectiveness of the company's ICFR on a suitable, recognized control framework." Most organizations choose either COSO (Committee of Sponsoring Organizations) or COBIT (Control Objectives for Information and Related Technologies).

This mapping guide outlines how FairWarning maps to COBIT's processes for managing human resources, suppliers, risk, and security to bring you into compliance with SOX.
