What is Sarbanes-Oxley Act (SOX) Compliance?

SOX compliance featured

The U.S. faced several disheartening and frustrating scandals in the earliest part of the century. Without regulations guiding them to be transparent, corporations were regularly falsifying financial records or defrauding their investors. To curb this issue, Congress passed the Sarbanes-Oxley Act. This act, also known as SOX, codified a set of reporting and auditing standards into law to force corporations to provide truthful and accurate financial information and avoid further fraud issues. 

Here we discuss some of the implications of SOX and how you can approach compliance for your publicly traded company. 

 

Read More

What Is ISO 27017 and How Does it Impact Cloud Providers?

ISO 27017 featured

The ISO 27000 series is a set of important security documents released by the International Organization for Standardization (ISO) to provide a guideline for best practices in IT security management, ISMS development and organizational security and risk management practices. The earlier documents (27001, 27002, etc.) serve as a baseline for this series, and many of the following documents build from that foundation. 

Later documents in the series develop guidelines describing more specialized applications. One of these, ISO 27017, address security practices for the expanding area of cloud infrastructure that most of our business operations rely on. 

 

Read More

What is ISO 27004 and ISMS Monitoring?

iso 27004 assessment featured

You’ve studied ISO 27001 and, either internally or through the help of a security partner, you’ve implemented the security controls and practices therein to achieve compliance. Now, per ISO standards, it’s on you to continually monitor your ISMS, measure performance and effectiveness, and determine success. With complex ISMS, however, this can seem like a daunting prospect. Thankfully, ISO provides a framework for monitoring and measurement in the 27000 series–the ISO 27004 publication on monitoring, measurement, analysis and evaluation of information technology. 

As part of our series on the ISO 27000 series, we turn to ISO 27004 to highlight the importance of system monitoring and evaluation from the perspective of this particular framework. 

 

Read More