Sarbanes-Oxley Compliance

Sections 302 and 404

Note: This white paper is intended to provide an overview and is not intended to provide legal advice. For more comprehensive information on regulations and their implications, please consult your legal counsel.

The Sarbanes-Oxley Act came into force in July 2002 and introduced major changes to the regulation of corporate governance and financial practice, including a number of non-negotiable deadlines for compliance.

The Sarbanes-Oxley Act is arranged into eleven 'titles.' As far as compliance is concerned, the most important sections within these eleven titles are usually considered to be 302, 401, 404, 409, 802 and 906.

Section 302 requires periodic statutory financial reports to include certifications that:

- The signing officers have reviewed the report.
- The report does not contain any material untrue statements or include material omissions that make the report misleading.
- The financial statements and related information fairly present the financial condition and the results in all material respects.
- The signing officers are responsible for internal controls and have evaluated these internal controls within the previous ninety days and have reported on their findings.
- The report lists all deficiencies in the internal controls and information on any fraud that involves employees who are involved with internal activities.
- Any significant changes in internal controls or related factors that could have a negative impact on the internal controls.

Section 404 requires issuers to publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting. This statement must also assess the effectiveness of such internal controls and procedures.

The registered accounting firm must, in the same report, attest to and report on the assessment on the effectiveness of the internal control structure and procedures for financial reporting.

Sarbanes-Oxley Act Section 302. Sarbanes Oxley 302 Made Easier. (soxlaw.com)
Sarbanes-Oxley Act Section 404. Sarbanes Oxley 404 Made Easier. (soxlaw.com)

By 2022, 50% of midsize and large organizations in mature regional markets will use a content collaboration (previously known as Enterprise Sharing and Sync EFSS) platforms to implement document workflows and improve collaboration and productivity.
Strategic Assumption in Gartner’s Magic Quadrant for Content Collaboration 2018

For the Third Consecutive Year, Gartner Peer Insights Recognizes CodeLathe’s FileCloud as “Voice of the Customer” CCP Customers’ Choice

WWW.GETFILECLOUD.COM

SOX Section 302: Corporate Responsibility for Financial

Not Applicable, Yes, Not Applicable, Yes (FTP not supported), Yes (FTP not supported), Yes, Yes, Yes, Yes, Yes, Yes

Section 302.2
Establish safeguards to prevent data tampering.
Implement an ERP system or GRC software that tracks user login access to all computers that contain sensitive data and detects break-in attempts to computers, databases, fixed and removable storage, and websites.

Section 302.3
Establish safeguards to establish timelines.
Implement an ERP system or GRC software that timestamps all data as it is received in real-time. This data should be stored at a remote location as soon as it is received, thereby preventing data alteration or loss. In addition, log information should be moved to a secure location and an encrypted MD5 checksum created, thereby preventing any tampering.

Section 302.4.B
Establish verifiable controls to track data access.
Protection of records to enable their accurate and ready retrieval throughout the records retention period.

Section 302.4.C
Ensure that safeguards are operational.
Implement an ERP system or GRC software that can issue daily reports to e-mail addresses and distribute reports via RSS, making it easy to verify that the system is up and running from any location.

Section 302.4.D
Periodically report the effectiveness of safeguards.
Implement an ERP system or GRC software that generates multiple types of reports, including a report on all messages, critical messages, alerts and uses a ticketing system that archives what security problems and activities have occurred.

Section 302.5.A/B
Detect security breaches.
Implement an ERP system or GRC software that performs semantic analysis of messages in real-time and uses correlation threads, counters, alerts, and triggers that refine and reduce incoming messages into high-level alerts. These alerts then generate tickets that list the security breach, send out email, or update an incident management system.
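
The Section 302.3 control above asks for log information to be moved to a secure location and checksummed so that tampering can be detected. As an added example (not part of the white paper or of FileCloud), the Python code below seals each log line with a keyed, chained checksum and reports the first record that fails verification; it uses HMAC-SHA-256 in place of the MD5 checksum the text names, and the key, function names and sample log lines are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumption: this key lives only on the secure log host, never on the
# systems that produce the logs. Constructed value for the example.
SEAL_KEY = b"example-key-kept-on-the-log-host"
GENESIS = b"\x00" * 32  # fixed starting value of the chain


def seal(records, key=SEAL_KEY):
    """Return (record, tag) pairs; each tag covers the record and the previous tag."""
    sealed, prev = [], GENESIS
    for record in records:
        tag = hmac.new(key, prev + record.encode("utf-8"), hashlib.sha256).digest()
        sealed.append((record, tag.hex()))
        prev = tag
    return sealed


def verify(sealed, expected_count, key=SEAL_KEY):
    """Return the index of the first bad record, or None if the log is intact.

    expected_count is stored separately from the log so that cutting
    records off the end is detected as well.
    """
    prev = GENESIS
    for i, (record, tag_hex) in enumerate(sealed):
        tag = hmac.new(key, prev + record.encode("utf-8"), hashlib.sha256).digest()
        if not hmac.compare_digest(tag.hex(), tag_hex):
            return i  # edited, reordered, or preceded by a deleted record
        prev = tag
    if len(sealed) != expected_count:
        return len(sealed)  # tail of the log is missing
    return None


# Constructed sample log lines, timestamped on receipt as the control asks.
SAMPLE = [
    "2024-03-01T09:00:02Z login user=alice host=fin-db01 result=ok",
    "2024-03-01T09:04:17Z login user=bob host=fin-db01 result=fail",
    "2024-03-01T09:04:59Z export user=alice table=gl_entries rows=1200",
]

if __name__ == "__main__":
    log = seal(SAMPLE)
    print("intact:", verify(log, len(SAMPLE)))
    log[1] = (log[1][0].replace("fail", "ok"), log[1][1])
    print("first bad record after edit:", verify(log, len(SAMPLE)))
```

Because each tag depends on the previous one, deleting or reordering a record breaks verification at that position, which a per-line checksum alone would not show.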

SOX Section 404: Management Assessment of Internal

Yes, Yes

Section 404.A.1.1
Disclose security safeguards to SOX auditors.
Implement an ERP system or GRC software that provides access to auditors using role-based permissions. Auditors may be permitted complete access to specific reports and facilities without the ability to actually make changes to these components or reconfigure the system.

Section 404.A.2
Disclose security breaches to SOX auditors.
Implement an ERP system or GRC software capable of detecting and logging security breaches, notifying security personnel in real-time, and permitting resolution to security incidents to be entered and stored. All input messages are continuously correlated to create tickets that record security breaches and other events.

Section 404.B
Disclose failures of security safeguards to SOX auditors.
Implement an ERP system or GRC software that periodically tests network and file integrity, and verifies that messages are logged. Ideally the system interfaces with common security test software and port scanners to verify that the system is successfully monitoring IT security.

FileCloud - Helpful Documentation

Audit Logs Private Share Permissions for Folders Workflow Custom Reports Centralized Device Management Retention Policies Smart DLP Smart Classification Security Notifications FileCloud Alerts Storage Encryption SIEM Integration File Content Heuristic Engine

About Us

FileCloud Server is the commercial off-the-shelf software solution that helps businesses to securely share, manage, and govern enterprise content. FileCloud software provides the necessary capabilities for organizations to obtain compliance in SOX.

The end-user is responsible for utilizing suitable FileCloud capabilities as well as managing and maintaining the environment where FileCloud is being hosted to ensure the SOX requirements are being met.

FileCloud aids with your SOX compliance efforts under the shared responsibility model.

FileCloud is used by 1000s of customers around the world including Global 2000 enterprises, government organizations, educational institutions, and managed service providers.

“We liked FileCloud’s pricing, comprehensive feature set (branding, encryption) and the responsive support”
Stewart

13785 Research Blvd, Suite 125
Austin TX 78750
Email: sales@codelathe.com
Phone: 1(888)571-6480
Fax: 1(866)824-9584
Website: www.getfilecloud.com
