The Canadian counterpart to the U.S. Sarbanes Oxley Act (SOX), Bill 198 became law in October 2002. Part XXVI of this bill amended the security laws to require reporting issuers to devise and maintain a system of internal controls related to the effectiveness and efficiency of their operations, including financial reporting and asset control. Bill 198 also amended the securities laws to require chief executive officers and chief financial officers of reporting issuers to provide a certification that addresses internal controls, including:

• The establishment and maintenance of internal controls
• The design of internal controls
• The evaluation of the effectiveness of internal controls

What Bill 198 doesn't do is provide much guidance on how to set up IT internal controls. That's where Tripwire comes in.

An Ironclad Defense: Detective Control

Tripwire provides what auditors call a detective control. It delivers the hard evidence of IT configuration audit and control that auditors want. Tripwire gives you:

• Automated configuration control that isn't susceptible to human error or lapses in judgment
• Broad infrastructure coverage of changes on servers, workstations and network devices, including changes made both manually or by automated tools
• Independent evidence of change through perfect segregation of duties - the person or tool that made the change is not used to validate the change