The Sarbanes Oxley Compliance Resource Kit includes the following components: Security Manual Template, Sensitive Information Policy, Disaster Recovery Template, Safety Manual Template, Threat & Vulnerability Assessment Tool, Business & IT Impact Questionnaire, Practical Guide for IT Outsourcing, and Chief Security Officer Job Description.
The SOX kit contains all of the tools that are needed to comply with the Sarbanes-Oxley legislation. This tool kit has been used successfully by over 500 publicly traded companies.
ITIL and "Best Practices" are no longer sufficient to conform to the Sarbanes Oxley and COBIT requirements. There are many products on the market that claim they can track changes, they can control/manage changes, or they can audit the use of products and the changes made to systems.
Almost all of the Change Management products are either "Electronic Paper" (i.e. they cannot prevent unauthorized changes from being made) or they react after the event based on cyclic comparisons of the various data sets. The time between the cyclic comparisons is an open door for anyone trying to manipulate the systems, and paper based systems offer no protection at all.
Sarbanes-Oxley Section 404 requires that:
- Enterprises have an enterprise wide security policy;
- Enterprises have enterprise wide classification of data for security, risk, and business impact;
- Enterprises have security related standards and procedures;
- Enterprises have formal security based documentation, auditing, and testing in place;
- Enterprise enforces separation of duties; and
- Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
To meet these needs the Sarbanes Oxley Kit, which comes in four editions (Standard, Silver, Gold, and Platinum) contains:
- Security Policies (all editions);
- Threat & Vulnerability Assessment Tool (all editions);
- Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
- Safety Program Template (all editions);
- Disaster Recovery Template (all editions);
- Outsourcing guide update to reflect what your vendors need to do (all editions);
- Software tool to monitor key data files (all editions);
- Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions) and;
- IT Service Management Template (Platinum Edition).
The tools provided in these kits address not only the needs of Sarbanes-Oxley, COBIT and ISO -- they also provide a vehicle to comply with the IT Governance requirements.