|
Data Auditing Solution for Sarbanes-Oxley 404 Compliance
Section 404 of the Sarbanes-Oxley (SOX) Act requires you to create and monitor controls of systems that affect your ability to deliver accurate financial reports. It also makes company management responsible for this "internal control" over financial reporting.
What exactly is "internal control"? It's really a system of checks and balances to ensure that changes to your applications and software systems do not adversely affect your financial transactions or reports. Firms that conduct SOX audits will check to make sure these controls are in place, and require reports (sometimes called "Attestation" reports) to back up your claims of Sarbanes-Oxley compliance. Companies following the COSO/COBIT control framework also need to reconstruct what actually happened to specific data, including time sequences for processing and related activities.
To meet these requirements, companies today are automating their internal controls infrastructure. The focus is no longer on merely understanding who has access to information. Rather, the key is to continuously monitor database activity - especially high-risk activities like privileged user behavior, direct access to sensitive data stores, user privilege escalation, failed logins and failed database operations.
To help in your SOX compliance efforts, best practices are now established. The recommended controls are:
- Continuously monitor all database changes, including changes to data structures.
- Monitor the activity of privileged users who have the highest level of access to systems.
- Enforce segregation of duties based on user roles.
- Integrate with corporate change control systems to ensure only approved changes are taking place.
- Provide regular summary and detailed reports on all data activity.
By automating these controls, you will not only meet your SOX audit requirements and avoid a failed audit; you'll also get a continuous compliance solution that saves time and money by eliminating the manual processes required today.
The Tizor SOX Solution: pre-defined templates for SOX 404 compliance.
The Mantra SOX Template provides real-time monitoring, logging, and auditing of Sarbanes-Oxley-mandated user activity. It also tracks activity of users and administrators, isolates specific compliance violations, and gives you pre-defined policies that:
- Continuously monitor all user activity with mission-critical applications and data.
- Monitor privileged user activity to ensure accuracy of financial information.
- Implement segregation of duties (privileged user data is stored outside of the control of the users being monitored).
- Correlate all database and file server changes to the company’s change control systems.
- Create detailed compliance reports on all privileged user database activity, from privilege escalation events and failed logins to schema changes and direct SQL access events.
Mantra’s change control feature also allows you to track database changes and reconcile them with change control tickets, ensuring that only authorized changes were made to the database.
Mantra is a high-performance network appliance that continuously monitors both network and local data traffic to database and file servers. Mantra is non-intrusive, does not require any agents, and has no performance impact on production databases. Patent-pending Behavioral Fingerprinting® technology identifies anomalous or suspicious user behavior in real time, preventing unauthorized data access like data theft and breaches.
For more information on our SOX auditing and compliance solution, contact us: info@tizor.com or call 800-231-8224.
The Tizor Discovery Service helps identify data risk. |