Data Center Security Standards for SOX Compliance

Data center security standards for SOX are a critical factor when going public in the cloud or moving a publicly traded company’s financials to the cloud.

Chief Compliance Officer Glen Medwid discusses how SOX impacts operational controls for IT and how RoseASP provides documentation that data center security standards are met. You can learn more about all ERP cloud SOX-compliant objective points in this free SOX Compliance Requirements eBook.

“We have SSAE 16 reports prepared and we review those reports for any issues. If there were any deficiencies we would work with the datacenter to correct those deficiencies.” “We also provide copies of those SSAE 16 reports to external auditors of our customers to serve as documentation that the proper controls were in place and operating effectively.”

The Sarbanes-Oxley Act (SOX) of 2002 imposes certain restrictions on accounting systems and data in order to protect the integrity of financial reports coming out of publicly traded companies. SSAE 16 is a set of data center security standards used to measure the operational effectiveness of a data center’s internal controls.

SSAE 16 reports offer shareholders, underwriters and other potential investors assurance that the integrity of a cloud-based financial system has not been compromised. SSAE 16 certified data centers are a necessity for meeting SOX data center standards with regard to cloud-based financial information systems.

“We have written policies that address key IT controls to ensure that SOX requirements are met…. We ensure compliance both with internal controls at the data center and controls within our internal IT operations.”

The 5 Critical Controls for SOX in the Cloud

To truly deliver SOX-compliant cloud services and infrastructure, a cloud provider must have standardized and documented policies for:

  1. Change Management Plan and Policies
  2. Logical Access Controls
  3. Physical Security Policy
  4. IT Operations Management
  5. Enterprise Cloud Backup & Recovery