Change Control Process for Cloud SOX Compliance Requirements


Chief Compliance Officer Glen Medwid discusses an effective change control process and how IT change management impacts SOX cloud policies.

The change control process is a critical component of IT SOX compliance, and certain change management protocols must be followed by cloud providers that host and maintain accounting systems for publicly traded companies. You can learn more about all ERP cloud SOX-compliant objective points in this free SOX Compliance Checklist.

“Compliance is not just one person looking over everyone’s shoulders.  Compliance is a collaborative effort of the entire IT team,” said Medwid.

What is SOX Compliance?
The Sarbanes-Oxley Act (SOX) of 2002 was created to protect markets against the risk of fraud or inaccurate financial reporting. SOX covers a variety of topics, including the management of accounting systems and data. To assure shareholders, underwriters and other potential investors of the integrity of financial reports, documentation must be provided to prove that SOX objectives are satisfied for financial information systems such as Dynamics AX7.

Change control for SOX cloud requirements ensures that policies are published, effective and tested. These change control policies govern how changes to the solution are made, who can make changes, and how changes are requested and documented.

“As changes occur either to our IT operations or our clients’ IT operations, we evaluate the impact of those changes on internal controls, and revise or add new written policies as needed,” said Medwid.

The 5 Critical Controls for SOX in the Cloud

In order to truly deliver SOX compliant cloud services and infrastructure, a cloud provider must have standardized and documented policies for…

  1. Change Management Plan and Policies
  2. Logical Access Controls
  3. Physical Security Policy
  4. IT Operations Management
  5. Enterprise Cloud Backup & Recovery

“Our IT staff is fully aware of and understands our policies and the importance of compliance with those written policies.”

“As Chief Compliance Officer, I review documentation that the internal controls were performed in the key areas.”