I'm an IT Manager for a mid-size international manufacturing company responsible for 2 of the 17 sites. Majority of the sites have always been autonomous from an IT perspective. Corporate now wants to establish policies for all sites to follow to comply with SarbOx. We?ve hired a contractor to assist us, however the templates we?re working with do not fit. I?m also concerned on their experience with SarbOx compliance.
Does anyone with a similar company profile feel that they are compliant in regards to SarbOx? If so, do your policies apply to all sites, are your site policies different/similar to corporate?