28 Apr Logical Access Controls | ERP Cloud SOX Compliance Requirements
In this post we will be discussing logical access controls for cloud systems that meet SOX compliance requirements. If you want to get in-depth info on the other top five areas of control for SOX compliance, check out this eBook on SOX Compliance Requirements for accounting in the cloud.
Publicly traded companies must comply with the Sarbanes-Oxley (SOX) Act of 2002, and even if you are not a public company today, SOX-compliant practices will reduce your risk of financial errors, fraud and breaches. What’s more, if you decide to sell down the road, satisfying SOX objectives now will help build underwriter confidence in your financial reports and improve the outlook of a potential initial public offering.
The 5 Critical Controls for SOX ERP in the Cloud
In order to truly deliver SOX-compliant cloud services and infrastructure, a cloud provider must have standardized and documented policies for:
- Change Management Plan and Policies
- Logical Access Controls
- Physical Security Policy
- IT Operations Management
- Enterprise Cloud Backup & Recovery
Logical Access Controls for SOX ERP Compliance in the Cloud
With so many stories in the news these days about data breaches, it’s no secret that some cloud environments are not secured as well as others. It is part of your hosting provider’s responsibilities to protect your cloud system against hacking, viruses and other unauthorized access.
Assurance of this type of protection can only be delivered by a cloud services provider with written policies and processes that are implemented and maintained according to SOX objectives. That means they maintain strict access controls, firewalls and encryption while keeping up to date with current anti-virus solutions as part of their core offering.
So how do we know when the cloud is secure and compliant for SOX?
If you are in the market for a cloud provider for Microsoft Dynamics ERP or other enterprise accounting software, asking the following questions will help you determine if a potential cloud provider is the right fit for your governance, risk management and compliance needs.
- What controls and software tools does the cloud provider use to restrict access and prevent breaches?
- How do they ensure that all user access changes are authorized and processed in a timely manner?
- What policies are in place to maintain user passwords, firewalls and encryption?
- How are controls maintained regarding user level access restrictions?
It is important that a cloud services provider offers the highest levels of IT monitoring, firewall protection and encryption, but they must also follow strict policies around password naming schemes and password resets to ensure the authenticity of data. You should also be sure your cloud provider has policies in place for regular review of firewall system logs and database administration processes.
Did you know...?
If you are a publicly traded company with a Dynamics ERP system, you can quickly upgrade to the newest version in the cloud without sacrificing governance, risk management and compliance requirements… Check out this Microsoft Dynamics SOX compliance solutions and cloud services page.