Sarbanes-Oxley The Sarbanes-Oxley Act of 2002 has a significant impact on IT organizations. In accordance with Section 404, both company executives and external auditors must attest to the adequacy and effectiveness of their internal controls, including IT controls. IT will be externally audited, and audit results must be included in each annual report filed with the Securities and Exchange Commission (SEC). Although Sarbanes-Oxley Section 404 does not mandate automated systems-based controls, such controls ease the compliance process, and reduce the impact of controls on ongoing IT operations. In many cases, using software solutions from BMC Software is the best way to implement consistent controls. BMC Software offers solutions to help automate general IT control activities to meet Sarbanes-Oxley audit requirements. Identity and Access Controls - track and monitor people interactions with IT systems and business policies to detect anomalies, identify breaches and prevent reoccurrence of non-compliance events Data Management and Recovery Controls - ensure that data is not compromised and data retention processes are maintained. Change and Configuration Controls - automate and track application and technology-related changes.

White Paper Implementing General IT Controls for Sarbanes-Oxley: Merging People, Processes and Technology Read it now. (pdf)