SOX compliance
The Sarbanes-Oxley Act (SOX), and specifically Section 404, which took effect in November of 2004, establishes key internal controls to improve the timeliness, transparency, accuracy, and confidentiality of financial data.
Key facts and data security requirements you should know
- Impacts all public companies whose shares are traded on US securities markets
- Requires companies to establish a comprehensive data protection strategy as well as:
  - Proactively establish controls around the signoff, access and security of data
  - Create audit trails to track access and alteration of financial information
  - Protect and retain financial records
- Section 404 requires companies to report on the scope and adequacy of internal control structure and procedures for financial reporting plus an assessment of their effectiveness
- Section 409 requires companies to make prompt public disclosures about information on material changes in their financial condition or operations, with supporting evidence.
- Civil and criminal penalties vary significantly, but can reach $5 million and 20 years in prison
- Sarbanes-Oxley also covers intellectual property data security, for example to avoid legal exposure and revenue loss that could result from an IP data breach.
Proven data loss prevention for Sarbanes-Oxley
| FORTUNE 100 chain retailer relies on Vontu solutions to demonstrate compliance with Sarbanes-Oxley |
|---|
| A FORTUNE 100 retail chain with 5500 locations needed to demonstrate compliance with industry-specific data security regulations and federal laws such as Sarbanes-Oxley. However, it was unable to prioritize compliance and data loss prevention efforts due to poor visibility into potential data loss risks. To address the issue, the company conducted a Vontu Risk Assessment and chose Vontu Network Monitor for its detection accuracy, stability, scale, and ability to secure sensitive financial data. Today the company scans more than 150,000 messages per day across multiple network protocols such as HTTP and SMTP. In addition, weekly compliance reports have helped the security team identify high risk areas, and take action to change processes and educate employees. With Vontu solutions, the company now has increased control over the protection of its internal financial records, and can better demonstrate compliance with Sarbanes-Oxley. |
How Vontu demonstrates Sarbanes-Oxley compliance
Vontu solutions provide comprehensive Sarbanes-Oxley data loss prevention for any organization that stores and/or transmits confidential financial data and IP. Advantages include:
- Pre-defined Sarbanes-Oxley Policy Template with patented TrueMatch™ detection for the highest accuracy in the industry
- Discover and protect exposed financial data on file servers, databases, Microsoft SharePoint®, Lotus Notes®, Documentum®, LiveLink®, web servers, Microsoft Exchange®, and other data repositories
- Monitor and prevent confidential financial data loss on the network including email, IM, Web, Secure Web (HTTP over SSL), FTP, P2P, and generic TCP
- Discover financial data stored on the endpoint, such as desktops and laptops, and prevent this data from being inappropriately used, sent out, or copied to storage devices such as USB drives, CD/DVDs, or iPods
- Demonstrate internal controls to comply with SOX 404 requirements that restrict access to and protect the confidentiality of sensitive financial data
- Demonstrate internal controls to comply with SOX 409 requirements that require notification of a material breach of information
- Comprehensive audit support through pre-built SOX compliance reports and role-based dashboards
- Automatic encryption enforcement that routes exposed financial data to encryption servers
- Automatically enforce SOX data security policies with a centralized platform for detection accuracy, policy management and automated incident response, notification, workflow and compliance reporting to help organizations change employee behavior and pinpoint compliance gaps in existing business processes
- Role-Based Access Control enables business units and departments to review and remediate only those SOX incidents relevant to their role and privileges.


