How Sarbanes-Oxley Affects Corporate Email Systems
The ... Act of 2002 and ... rules adopted by the ... and Exchange ... (SEC) require certain ... to report on the ... of their internal controls over f
The Sarbanes-Oxley Act of 2002 and associated rules adopted by the Securities and Exchange Commission (SEC) require certain businesses to report on the effectiveness of their internal controls over financial reporting. Effective internal controls ensure information integrity by mandating the confidentiality, privacy, availability, controlled access, monitoring and reporting of corporate or customer financial information. Companies that must comply with Sarbanes-Oxley include U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. U.S. companies with market cap greater than $75M and on an accelerated (2004) filing deadline are required to comply for fiscal years ending on or after Nov. 15, 2004. All others are required to comply for fiscal years ending on or after April 15, 2005.
The role of email in Sarbanes-Oxley compliance cannot be overstated. At a high level, email is the primary internal and external communication tool for corporations. However, a more granular inspection of email’s role, especially as pertaining to corporate information security, reveals that it can make or break a company’s efforts to comply with Sarbanes-Oxley. Email systems are critical to ensuring effective internal control over financial reporting, encryption of external messages and active policy enforcement, all essential elements of compliance.
Complying with Sarbanes-OxleyThe changes required to ensure Sarbanes-Oxley compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to call the Act “the most sweeping legislation to affect publicly traded companies since the reforms during the Great Depression.” Since the bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders a lion’s share of the responsibility for Sarbanes-Oxley compliance. Enterprise IT departments are responsible for ensuring that sound practices, including corporate-wide information security policies and enforced implementation of those policies, are in place for employees at all levels. Information security policies should govern:
Sarbanes-Oxley Section 404This section regulates enforcement of internal controls. Management must show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition, the company must produce documented evidence of an annual assessment of the internal control structure’s effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step in the right direction with regards to overall email security.
Effective Email ControlsEmail has evolved into a business-critical application unlike any other. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at the company or on a remote site or machine. Given the wide functionality of email, as well as the broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:
IronMail and Sarbanes-OxleyCipherTrust’s IronMail has been created to protect organizations from both known and unknown email security attacks. IronMail offers automatic or manual updates to protect against both known and newly discovered email security threats and vulnerabilities, and the comprehensive messaging security provided by IronMail assists organizations in key areas of maintaining effective internal controls. Specific financial information threats and vulnerabilities protected by IronMail include:
Take the Next StepLearn more about how IronMail helps organizations ensure Sarbanes-Oxley compliance by visiting www.ciphertrust.com or requesting CipherTrust’s free whitepaper, ““Contributing to Sarbanes-Oxley Compliance with IronMail”.
Source: Free Articles from ArticlesFactory.com
ABOUT THE AUTHOR
CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Contributing to Sarbanes-Oxley Compliance with IronMail” or by visiting www.ciphertrust.com.