Sarbanes-Oxley SOX Compliance

In the wake of a number of corporate accounting scandals, including Enron, Peregrine Systems and WorldCom, the Sarbanes-Oxley Act was introduced ‘To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes’ The intent of the Act was to ensure that similar cases of accounting fraud and the misleading of investors would be prevented in the future for all publicly held companies, management and public accounting firms.


sox - city buidlings

Data governance requires IT system integrity to be maintained
One of the key elements of the legislation is that company executives must take personal responsibility for the veracity of financial information, with far greater penalties for other financial fraud. The necessary internal controls/operational controls in terms of accounting and auditing require sufficient levels of governance, defined in SOX Section 404.

A ‘Top Down’ risk assessment must be conducted by Management, operating in conjunction with an independent external Auditor, covering a number of key questions:

  • Are internal controls related to significant accounts and financial reporting effective?
  • What is the potential risk for fraud or misrepresentation for business transactions with respect to IT systems and operational practices?
  • In summary, do company-level controls comply with COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework best practices? (first published in 1992 and updated in 2013)

In order for any organization to even attempt to attest to SOX compliance will require secure, protected and governance-assured IT systems.

From an internal controls SOX 404 standpoint, NNT Change Tracker ensures that IT systems are protected from fraud and misuse, with requisite audit trails provided to prove system integrity has been maintained.

Systems must be hardened and provisioned on a strict ‘principle of least privilege’ basis and Change Tracker’s certified auditing technology for CIS Benchmark Checklists ensures that all available vulnerability mitigations are in place at all times.

Finally, the provision of a ‘Closed Loop’ Change Management system is vital to show exactly what changed and by whom at any stage in order to govern system integrity. By extension, any Unplanned Change will be highlighted for investigation and either approval or remediation in line with COBIT Framework best practices, favored strongly by SOX 404 Auditors.

Additional SOX Resources
Sarbanes-Oxley (SOX) Blog
The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2022, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.