"With the quarterly Sarbanes testing efforts, we started to see 30% of our time with certain staff being used in audits." - Matt Haynes, U.S. Cellular Security Architecture Group
Section 404 of the Sarbanes-Oxley Act of 2002 requires officers of a public company to establish, monitor and report on the effectiveness of controls that ensure the integrity and accuracy of financial data. To IT departments, this means continuously monitoring and managing the security and configuration integrity of a large number of IT systems, across distributed networks that store and transmit the data in question. In addition, organizations need to demonstrate compliance to their auditors on an ongoing basis.
CobiT is among the most popular IT governance models used to design a set of IT controls to comply with Section 404. nCircle fulfills a number of CobiT requirements (see detailed mapping document) that address SOX compliance.
nCircle solutions enable companies to comply with Sarbanes-Oxley, Section 404 by delivering a unified foundation for compliance using:
nCircle IP360 continuously discovers and gathers detailed intelligence about all hosts, applications, services and related vulnerabilities, providing a comprehensive view of all Sarbanes-Oxley regulated systems on the network and building a foundation for an effective program to identify, assess and manage IT risks to maximize compliance with the regulation.
nCircle Configuration Compliance Manager enables organizations to audit the system configurations of those systems that store, process and transmit financial data. All systems may then be continuously measured against policy to ensure compliance, and deviations from the approved standard can be immediately addressed to restore a system to its original compliant state.
nCircle Suite360 Intelligence Hub provides executive, managerial and audit-ready compliance reports to demonstrate IT compliance performance across the enterprise network. Reports may be customized to further analyze the network’s compliance posture by business unit, business function, application, server zone, and server class – enabling enterprises to measure progress with appropriate accountability.
In addition to the detailed reporting that nCircle solutions deliver, nCircle Focus™, a major advancement that breaks from traditional reporting paradigms, offers instant and unparalleled insight into risks on the network that would lead to non-compliance, enabling enterprises to take the most efficient actions to proactively reduce non-compliance.