IT Answers » Sarbanes-Oxley Act

Formulating a backup policy for data generated by terminated employees.

SearchStorageATE — Wed, 18 Nov 2009 17:34:01 +0000

Our company is trying to use best practices where possible to formulate a policy to cover the backup, storage, security, retrieval and retention of data from the PCs, home drives and Exchange mailboxes of employees that have terminated employment. Our company is publicly traded so the Sarbanes-Oxley (SOX) Act is relevant and we do have trade secrets to protect. Can someone suggest some places to look for best practices for this specific part of our backup strategy?

Industry standard SOX audit checklist?

BrentSheets — Tue, 30 Jun 2009 18:30:58 +0000

Working through SOX compliance issues with updated infrastructure, documented interfaces, reviewed controls and on and on — but is there an industry SOX audit checklist to show exactly what auditors are looking for concerning compliance? If so, would someone point me to it? Thank you.

Moderator Note: This is a submitted question

Do I need digital certificates to be sox compliant?

Mhoddenbagh — Mon, 08 Jun 2009 15:13:02 +0000

Dear LS,

I´d like to understand to which extend I need digital certificates (PKI) in order to be in compliance with current most important regulations including sox, but also other relevant regulations that might be applicable. This includes topics like WIFI within an Enterprise on a Global scale or secure email or when I use a smart card as log in methode.

Thanks for your help in advance.

Monitoring Object changes in Oracle

QAQA — Mon, 13 Oct 2008 18:17:24 +0000

I have to find out who modified objects in dba_objects each week for those changed during that week for SOX perspective. Right now i check with deveplopers for each one, which they don’t like. I question is how to find out who modified an object in 9i or 10g (and 11i)?

IT Strategies Info Center: Compliance

HannahDrake — Mon, 20 Jun 2005 14:54:08 +0000

Hey everyone,

I’m an assistant editor for SearchDataCenter, and was curious what our users think of the Info Center we have on compliance. Has anybody checked it out? Is it useful? Any suggestions? Are there any topics you’d like to see more coverage on?

If you haven’t seen it, here’s a link:

http://searchdatacenter.techtarget.com/infoCenter/0,,sid80_iid2652,00.html

Thanks, and as always your feedback is greatly appreciated!!

Hannah Drake
Assistant Editor
SearchDataCenter.com
hdrake@techtarget.com

Replacement for DFU

GreenFrog — Tue, 03 May 2005 15:28:48 +0000

We are looking for a product to replace DFU on our AS/400. I have found one product called DBU. In the past I had received information about Hawkeye. Does anybody have any information about this product or company?

Thank you

Congress to ban sale of SSNs for commercial purposes?

InfoSafety — Wed, 16 Mar 2005 15:14:32 +0000

According to articles in today’s Washington Post and Wall Street Journal, Congress is considering legislation to ban the sale of Social Security Numbers for commercial purposes, unless individuals give their permission. The Post article went on to opine that there appears to be a growing bipartisan consensus among key House and Senate members to enact such legislation. Data brokers and their customers oppose any sort of regulation.

Those who have seen my earlier posts know that I am in favor of an ownership/permission model, i.e., people own their personal information and their permission must be obtained before it is released for commercial purposes. What do you think should be done?

Craig Herberg

ID Theft and National Security

InfoSafety — Sat, 12 Mar 2005 22:35:19 +0000

If it turns out, as I believe, that enemies of the United States are behind a lot of the major ID thefts in the US, that would mean that a lot of money is going to our enemies. Can we therefore surmise that those who mishandle our identity information, by means of their poor stewardship of our identities, are also responsible for endangering our national security?

Craig Herberg

PMP transitioning from tech oriented projects to business oriented projects

Johnnylac — Wed, 02 Mar 2005 10:08:10 +0000

I am a PMP with 10+ years experience in implementation oriented projects (rollouts, user moves, infrastructure, NetOps, etc.) for internal clients. I want to transition to business oriented projects (SAP, PeopleSoft, SOX, SW development, etc.) for external clients.

I am fully familiar with PMI methodologies but have no experience and little familiarity in any of these areas. How can I get trainingexperiencecertification in any of these areas?

Change Management Software

Formula1 — Tue, 23 Nov 2004 14:34:19 +0000

Currently evaluating solutions for iSeries, WDSC & Websphere running on Linux on Pcs. Down to Aldon & Turnover. Anyone have enough experience with these products to compare strengths & weaknesses in production?