Does anyone have a detailed Compliance Package template for Sarbanes-Oxley ? I wasnt able to find in the pre-built ones.
I have one that lists the Titles, and Sections
Thanks
there is one there, but im not sure is really … how to put it … correct.
i have done sox in my company for the last 4 years or so, ours looks very very similar to that one but im aware colleagues of mine also running corp. security at public companies have slightly different docs … similar, but different.
@david.schroth is kind of my reference for this topics - he runs a consulting business in atlanta
SOX and SOC 1/2 are two different things.
Rene - Are you looking for all of the various sections of the law including business related things and those sign offs, or are you looking for the IT specific requirements?
On the IT side, there’s not a lot of hard and fast requirements - you need IT General Controls for systems (including network/application/OS/database) that support financially material classes of transactions. The general controls include logical access, physical access, change management and IT operations. You can think of the scope as similar to CC6, CC7 and CC8 of the 2017 SOC 2 TSCs, but you can probably drop a few of the more annoying ones. The IT scope of things can also include application and IT dependent manual control testing as identified by the finance team.
Beyond that, the major sections of SOX that are relevant to most are Sections 302 (CEO/CFO sign off on financials) and 404 (attestation of internal controls) are the two that are cared about as far as a financial audit is concerned.
I need to take care of the IT specific ones to begin with, but still need the full list. So I based myself on the GDPR model and create a package that looks like the screenshot. I would have preferred seperating the items a little more, but for the moment this will work for my needs.
Where can I find this listing? I need to download a SOC2 compliance package
compliance documentation , at the bottom you have pre-compiled packages