SOX Compliance Checklist


Use this checklist to better understand the SOX requirements for cloud accounting when reviewing your current financial systems, or to evaluate new providers of cloud-based financial software for SOX compliance. Sarbanes-Oxley (SOX) compliance for financial software such as cloud-based Enterprise Resource Planning (ERP) requires process management, documentation and high levels of service and system availability.

Change Control Checklist


ERP Change Requirements:

☐ Written policies regarding how changes to the system and the software are approved, documented and tracked

☐ Controls in place for adding system users or changing existing user passwords and access levels

☐ Controls in place regarding changes within the application itself, such as upgrades and new modules

☐ Control policies establishing a process for change requests and tracking who is authorized to make change requests

Why Cloud ERP for SOX?

“65%-70% of SOX compliant businesses are spending an increased amount of time on SOX compliance processes. Cloud ERP from the right provider can streamline your SOX accounting and reporting practices.”


Logical Access Control Checklist


ERP Access Requirements:

☐ Strict controls and advanced hardware & software tools used to restrict access and prevent breaches

☐ Policies and procedures in place to ensure any user access changes are authorized and processed in a timely manner

☐ Controls to ensure system security regarding user passwords, firewalls and encryption

☐ Policies establishing controls for the maintenance of user level access restrictions

“It is important that a cloud services provider offers the highest levels of IT monitoring, firewall protection and encryption, but they must also follow strict policies around password naming schemes and password resets to ensure the authenticity of data.”


Physical Security Control Checklist


ERP Security Requirements:

☐ Multi-factor security infrastructure at data center sites including video surveillance, alarmed access and egress points, Kevlar impregnated drywall, bulletproof glass and NOC security personnel on-site 24/7/365

☐ Data centers which regularly undergo independent audits to verify security is working effectively

☐ Documentation available to verify recent SOC 1 Type II Certification of the data center in a timely manner

☐ Data physically separated on servers with secured ports

“Cloud based accounting requires a full service cloud hosting partner. While many cloud providers can offer server environments with SSAE 16 Type 2 compliance, few cloud providers offer ongoing support for application availability, upgrades and compliance.”


IT Operations Control Checklist


ERP Cloud Requirements:

☐ 24/7/365 Customer service for application availability & cloud support

☐ Strict controls around accessing customer data, audit traceability and documentation

☐ System monitoring, intrusion detection and customer notification of security events

☐ Standardized policy for tracking and responding to service requests

☐ Controls in place to ensure systems are maintained in accordance with SOX policies

Additional Benefits of SOX Compliance:

“78% of businesses that adhere to SOX guidelines experience improvement of all business processes that impact financial reporting. SOX guidelines are a set of accounting best practices.”


Backup & Recovery Control Checklist


ERP Backup Requirements:

☐ Strict daily, weekly, monthly and annual backup schedule

☐ Tailored backup and recovery plan to fit your company’s needs and schedule

☐ Regular “test” restores to validate backup plan

☐ Recovery policies ensuring data integrity during Force Majeure events

☐ Redundant power and fire suppression systems at data centers

☐ Redundant backup sites with a copy of the backup retained offsite from the data center

“The hoster should provide adequate documentation of successful backups along with periodic restore data from the backup media to allow you and your auditors to test and verify it. This allows your business to check that restore data is accurate and consistent with live data.”
