The Sarbanes-Oxley Act of 2002 (SOX) is a federal law that sets a list of requirements for all U.S. publicly-traded company boards, management, and public accounting firms. The purpose of the legislation is to improve the accuracy and reliability of corporate disclosures.
Sections 302 (“Corporate responsibility for financial reports”) and 404 (“Management assessment of internal controls”) are of particular interest to information professionals. 302 holds CEO and CFOs personally responsible for disclosure accuracy, while 404 requires corporations to have their internal controls audited and reported annually to the SEC.
Cygna Auditor's built-in and custom alerting notifies you of unusual activity such as scripted permission changes, or mass file updates typical of ransomware.
Review and keep secured system access to a minimum with Cygna Auditor's group reports that show membership of secured system users and administrators.
Keeping group membership current is only half the battle – you must ensure that permissions on secured systems stay the way they were intended. Cygna Auditor's permissions reports enable you to be sure access is correct.
Cygna Auditor monitors all successful and failed data activity such as file or folder creation, access, updates, deletions, who made the changes and when they were made.
The Information Technology Governance Institute (ITGI) has used COSO and COBIT frameworks to create a set of specific IT control objectives for SOX. The requirements below are an example of COSO / COBIT recommendations that apply to Cygna Auditor.