The Sarbanes-Oxley Act (SOX) concerns the handling and disclosure of publicly traded companies' financial information and includes requirements for certification of internal auditing by external auditors, and increased disclosure regarding all financial statements. Section 404 of the Act states, in effect, that large public companies (with a market cap over $75 million, though this is likely to change soon) are required to maintain adequate internal controls, and also assess, report on, and audit the controls' structure and effectiveness.
How SignaCert addresses SOX
While SOX sounds simple, implementation is NOT. What seemed initially to be a purely finance department's problem has turned out to be an IT infrastructure one, hence a tech issue. Because SOX requires that companies demonstrate that underlying systems structures on which financial records are maintained also undergo the same controls and transparency audits, companies must now guarantee that what's in production is in the same state as what was tested. IT must certify that the entire infrastructure and change control mechanisms are robust enough to catch changes - but as anyone who's using change control knows: they really aren't. In production, each system has probably hundreds of IT people - high and low - with administrative access to the entire system. This means the underlying systems that support the reporting of financial information can potentially be compromised or modified post-approval by people.
To validate that systems haven't been compromised, auditors demand that senior technology managers attest that the systems currently running in production are equal to the ones which were authorized for release during the testing process. To date, no technology existed that would do that, so the senior managers have had to rely on the notion that they are "doing the best they can."
SignaCert changes SOX compliance
As anyone complying with SOX knows, it's been impossible to do a really good job until now. "Doing the best you can" is still a far cry from validated compliance. But now there's SignaCert.
SignaCert's breakthrough independent IT controls mean you can do better, without having to "rip and replace." You'll lower your personal liability and make the auditors ecstatic. Because you'll finally be able to validate definitively that what's in production is an exact match to what was deployed. SignaCert's ETS proves definitively what has change since a system went into production
Get real validation, in hours, for a song.
Read more on SOX: