atsec

The information security provider.


SOX and Euro-SOX

What atsec offers:

The Sarbanes-Oxley Act (SOX or SOA) and its European counterpart, “Euro-SOX”, have a tremendous impact on the operations, processes, and guidelines of the companies that are required to demonstrate compliance. An Internal Control System (ICS) with IT controls is introduced to audit and improve the processes and operations relevant for financial reporting.

A SOX Readiness Assessment provides an overview of your current compliance status, and includes:

  • survey of the existing environment (locations, infrastructure, contractors, etc.)
  • preliminary definition of the scope (physical, organizational, logical)
  • gap analysis listing deficiencies in the areas of guidelines, SLAs, contracts and IT controls
  • project plan defining the next steps in terms of tasks and milestones for the implementation of IT controls
  • overview of activities for the implementation and operation of the internal control system

Our SOX training for managers, control owners, internal auditors, and testers provides both basic and advanced insights into the details of implementing and operating an Internal Control System. The training consists of:

  • A half-day introduction to SOX, covering the requirements, impacts, and activities for compliance. It includes an overview of COSO, CobIT and SAS 70, the roles and responsibilities, audit and testing procedures, and a real-world example.
  • Project-related, customized training on selected topics (such as auditing, testing procedures, etc.).

In cases where an IT organization shows some deficiencies in terms of policies and processes, atsec can support the implementation of a SOX-ready environment by providing:

  • reorganization / enhancement suggestions for the IT organization
  • definition / revision of existing SLAs with suppliers and contractors
  • development and documentation of processes and policies
  • inventory of assets
  • consulting on electronic signature compliance

atsec can assist your organization in implementing SOX IT controls by helping to:

  • define IT Controls
  • develop a self-assessment process
  • roll out IT controls
  • operate the ICS (internal control system)

atsec also offers the following support for your regular, internal self-assessments:

  • support of IT control owners in their control activities
  • assisting internal auditors during their testing of IT controls

Why our services are important to you

A number of small- to medium-sized enterprises, wherever they are located in the world, face the need to achieve SOX compliance after being acquired by a company that is listed on an American stock exchange. Additionally, the European SOX will be put into national legislation by mid-2009.

For more information

Please refer to our resource pages.

 

(c) 2012 atsec information security