For IT departments in public companies, the biggest challenge today is implementing the IT policies and infrastructure required to comply with the Sarbanes-Oxley Act of 2002 (SOX).
The Sarbanes-Oxley Act of 2002 (SOX) was passed by Congress to reform the accounting practices, financial disclosures and corporate governance of public companies. Among other things, SOX requires the CEO and CFO of public companies to personally certify that financial statements are accurate.
Section 404 of SOX requires that management perform an annual assessment of internal controls over financial reporting and obtain attestation from external auditors. For most companies, the deadline for compliance with section 404 was November 15, 2004.
For section 404, organizations are expected to use an accepted framework to establish appropriate internal controls. The SEC specifically cites the framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The COSO framework makes general references to IT controls but is not a specific IT framework. The IT framework considered most closely aligned with COSO was developed by the IT Governance Institute and is known as COBIT (Control Objectives for Information and Related Technology). COBIT sets forth specific IT control objectives, several of which relate directly to identity and access management.
This document deals with the identity and access management-related issues in IT Control Objectives for Sarbanes-Oxley, as published by the IT Governance Institute. It is not intended to be a complete discussion of the COBIT framework.