SOX Compliance: Applicable for all publicly-traded companies in the United States using Salesforce
The Sarbanes-Oxley (SOX) Act of 2002 represents a significant change to federal securities law and was passed due to accounting scandals at Enron, WorldCom, Global Crossing, Tyco and Arthur Andersen, that resulted in billions of dollars in corporate and investor losses. These huge losses negatively impacted both financial markets and general investor trust.
SOX is about corporate governance and financial disclosure. It requires all financial reports to include an Internal Controls Report to show that a company’s financial data is accurate and adequate controls are in place to safeguard financial data. Effective in 2006, all publicly-traded companies are required to implement and report internal accounting controls to the SEC for compliance.
SOX auditing requires that internal controls and procedures can be audited using a control framework like COBIT and dictates that log collection and monitoring systems must provide an audit trail of all access and activity to sensitive business information.
If your organization is using Salesforce, especially communities, and does not have a third-party virus scanner connected to the environments, it will not pass a SOX security audit as required by the SEC which directly affects filing status.
Download the white paper to understand how EZProtect solves the SOX compliance auditing requirement of internal controls and procedures – specifically sections 302, 404 and 409 for monitoring, logging and auditing.