The Sarbanes-Oxley Act was enacted in 2002 largely in response to the history-making scandals involving gross mismanagement by corporate leaders who violated their fiduciary duty to protect shareholder value. It was put in place to define a new framework for corporate governance, accounting and financial reporting practices, as well as auditor independence. Specifically, Section 404 of the act brings IT and information security into the mix, as it addresses the new level of responsibility executives have to validate that proper internal controls are in place to ensure the accuracy, completeness and timeliness of financial information. Corporate environments sit on computer networks, and financial information is electronic. Therefore the definition of “proper internal controls” includes information security practices.
In addition to establishing new rules and structures around corporate governance, the Sarbanes-Oxley Act also addresses the punishment for violations, which includes fines, imprisonment or both. So at the end of the day, from the boardroom down, corporations need to demonstrate that they have a reasonable process in place to manage risks to financial information and that the process is measurable and auditable.
FusionVM facilitates SOX compliance by automating key controls associated with managing foreseeable risks to financial systems. With FusionVM, companies can assess the current security posture of a system, monitor changes over time, and provide reporting visibility into that process. The ability to separate and group assets, then map security policies to those assets for reporting, greatly streamlines the compliance reporting process.