Sarbanes-Oxley (SOX) Compliance
To comply with SOX 404, organizations are taking a top-down, risk-based approach to ensure that all assets involved in financial reporting processes (including hardware, software, physical IT infrastructure, and IT processes) comply with a selected control framework such as COBIT or ISO 17799. Compliance with these frameworks is taxing, however, without an automated infrastructure that makes the assessment and reporting process streamlined, efficient and sustainable.
Agiliance ensures SOX compliance using COBIT or ISO 17799/27001

The following are the key capabilities of the Agiliance IT GRC platform that ensure SOX compliance using a standard framework such as COBIT or ISO 17799/27001.

Agiliance IT GRC 5-step process

  • Maintain a repository of all relevant assets (hardware, software, physical IT infrastructure, IT processes) that affect financial reporting. Asset information can either be imported from external systems or populated through asset discovery technology. The system supports a comprehensive asset data model to document relationships between assets, organizations, processes and people.
  • Enable the SOX team to evaluate how critical an asset is to the financial reporting process and then assess its overall risk.
  • Maintain a library of controls by leveraging popular frameworks, including COBIT, COSO, or ISO 17799/27001.
  • Provide an infrastructure for assessing compliance with controls.
    • Automate the process of distributing and collecting periodic surveys and self-assessments to evaluate compliance.
    • Integrate with monitoring tools and compare asset configuration against controls and policies to identify non-compliance on a continuous basis.
  • Report on asset compliance scores – both for status purposes, as well as evidence of compliance for internal and external auditors.
  • Compute an asset’s composite risk score based on multiple criteria, including business impact of its impairment, compliance with policies, including security policies, and its vulnerability based on external feeds. The risk score allows users to prioritize which non-compliant assets need to be addressed first for remediation.
  • Trigger remediation process.

Why Horizontal SOX solutions can’t address SOX IT Compliance

Assessment and reporting of compliance with information security-related controls, and remediation of the issues found, must be a core capability of any IT-SOX compliance solution. New vulnerabilities, threats and attacks are uncovered daily. Systems keep changing – assets are added, removed and reconfigured every day. Identifying which systems and processes carry the most risk at any given time, prioritizing which systems need to be protected first from a compliance perspective, creating and deploying a policy framework to protect them, identifying systems that violate the policies, and formulating and executing a remediation plan for their issues all require domain expertise in security and asset management – expertise that many software vendors selling horizontal SOX 404 compliance solutions lack. As a result, solutions like Agiliance, whose core value proposition combines asset, policy, security and risk management, are best positioned to assess and report on the compliance of information technology with SOX.