SOX Compliance for IT: Comprehensive, Cost-effective and Risk-based
The Sarbanes-Oxley Act (SOX) requires all publicly held companies to establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. Being SOX compliant means your entire IT infrastructure—from server and network security to IT practices and operations—must be reinforced and configured to maintain and demonstrate continuous SOX IT compliance in the event of an audit.
Tripwire solutions provide IT with the internal controls necessary to continually collect and protect the sensitive information needed to report evidence of SOX IT compliance. Your SOX audits can now be quick and far less costly.
Tripwire Enterprise delivers your comprehensive solution by:
- Addressing the Acquire and Implement (AI) and Delivery and Support (DS) guidelines of COBIT with out-of-the-box change audit reporting and a library of COBIT configurations.
- Comparing system configurations to "gold systems," reporting and remediating configuration items that vary from the "golden" standard.
- Identifying authorized and unauthorized changes or suspicious event activity over a period of time.
- Communicating those changes with reports that display trends in the effectiveness of and adherence to change process controls.
- Providing industry standards and benchmarks to automatically assess configurations, and determining the degree of risk for operational, regulatory and security vulnerabilities.
- Continuously maintaining a known and trusted state by establishing a secure baseline against which to measure change, and then automating the repair of configuration items if they fall out of compliance.
The Control Objectives for Information and related Technology (COBIT) framework helps organizations get the most value from their technology investments by providing guidance for IT governance and controls, portions of which focus on the delivery and support aspects of information systems. Tripwire Enterprise incorporates the COBIT framework through custom configuration assessment profiles that organizations can use to achieve and maintain compliance with those sections.