“The department providing Shared Services for Siemens AG Munich required validation of the data center services for SOX conformity in 2007. The project started in January 2007, and the deadline was September 2007. Approximately 60 IT General Controls had to be implemented within each of 12 relevant data centers.

After an internal preparation phase from January to March, atsec joined the project and took over responsibility for initial training of control designers and owners and first internal SOX testings. Using the general controlling concept developed within Siemens as a basis, the atsec coaches quickly and efficiently adapted it to unique situations at a number of small Shared Services data centers. Atsec also developed a process to train personnel and give them the right idea of SOX controlling. Excellent and effective cooperation led to successful SOX certification on time and with no deficiencies. We are very pleased and will be interested in working with atsec again in the future to get an major coverage of compliance. By the way, it was not our first good experience with atsec.”

SOX is the Public Company Accounting Reform and Investor Protection Act of 2002. It was passed in response to high-profile business failures, such as Enron and WorldCom, in order to reinforce investment confidence and protect investors by improving the accuracy and reliability of corporate disclosure.

# # #

About Siemens
Siemens AG (Berlin and Munich) is a global powerhouse in electronics and electrical engineering, operating in the industry, energy and healthcare sectors. The company has around 400,000 employees (in continuing operations) working to develop and manufacture products, design and install complex systems and projects, and tailor a wide range of solutions for individual requirements.

About atsec information security
atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China.
atsec offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada; and compliance validation to the Payment Card Industry (PCI) Data Security Standard.
atsec also offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services.
atsec works with leading global companies such as IBM, HP, Oracle, Cray,BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf. For more information please visit www.atsec.com.