The purpose of this document is to explain how EventTracker can help your organization meet the audit reporting requirements of The Sarbanes-Oxley Act of 2002 (SOX). EventTracker™ is a reliable, proactive and practical enterprise class solution to centrally monitor, analyze and manage events generated by Windows NT/2K/XP/2003, UNIX systems and SNMP enabled devices.
This “how to” guide is organized into two parts. Part 1 provides an overview of SOX Section 404 and COSO. It also introduces EventTracker and details how it helps met corporate compliance requirements. The second part is an administrative guide detailing a sample three-day deployment process to SOX compliance with EventTracker.
The information contained in this document represents the current view of Prism Microsystems Inc. (Prism) on the issues discussed as of the date of publication. Because Prism Microsystems must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism. Prism cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. Prism MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided. Prism may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Prism Microsystems, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. © 2010 Prism Microsystems Inc. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Moving to Sarbanes-Oxley Compliance in Three Days using EventTracker
Passage of the Sarbanes-Oxley Act of 2002 brought new levels of focus on the efficacy and accuracy of financial controls and reporting within corporations. As the data used in financial reporting is captured, verified, stored, and reported mainly by computer-based systems, senior management turned to computer security officers to implement the needed controls on those systems. Sarbanes-Oxley mandated that the effectiveness of these processes must be proven to independent auditors. Companies today often struggle to give auditors what they need in terms of proof that IT operations are under control, and getting this information together can be an extremely labor-intensive process. SOX Section 404 describes IT controls extensively. It includes the processes and resources that are involved in supervision and control of financial reporting operations in an organization. To support SOX Section 404, you need to collect, retain and review millions of audit trail events from all sources that touch company financial data. These logs form the basis of the internal controls that provide corporations with the assurance that financial and business information is accessed only by authorized individuals and has not been tampered with. With EventTracker, companies can present a unified view of users and system access activities to auditors. EventTracker automates key auditing and review processes that need to be repeated regularly for a company to stay in compliance with Sarbanes-Oxley regulations. More information about EventTracker can be found on http://www.prismmicrosys.com/