Preparing for a SOX Audit with JumpCloud®

The compliance audit is the paramount test of any IT organization. If an organization doesn’t uphold federal regulations, the cost can be exorbitant. Companies that have failed audits can face hefty fines and legal action, lose years of reputation, or even be shut down. For IT admins, audits are serious business. One compliance audit that is prevalent across many industries is the SOX audit. Here are several things to consider when preparing for a SOX audit.

What is SOX?

Before we talk about preparing for a SOX audit, however, let’s talk about SOX itself. SOX stands for the Sarbanes-Oxley Act, which was enacted by the US Congress in 2002. The federal law enforces eleven sections of regulations regarding finances and communications for corporations. The bill itself originated after several major corporate fraud scandals, such as the notorious Enron scandal.

Ultimately, SOX is designed to ensure that no company is above the law. When he signed it into law, President George W. Bush called it the most important American business reform since Franklin Delano Roosevelt (American Presidency Project). At its core, SOX requires that businesses keep straightforward and accurate records regarding their financial dealings and internal communications, with underlying consequences for those that fail to do so.

How does SOX Affect IT?

For the IT admins at any publicly owned American company, keeping track of company data, as well as the people that are accessing it, is a crucial task. Keeping a clean house, of sorts, is key to being ready for an audit. While it can be done in several ways, one of the most effective ways to prepare for a SOX audit (or any audit for that matter) is event logging. By keeping a repository of event information, such as IT resources accessed, sysadmins can have a record of that access, including the originating IP address, access failure or success codes, and critical timestamp data.

Additionally, by maintaining a strong identity for their end users, IT admins can ensure that one: only authenticated users are accessing confidential information and tools, and two: (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at:

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
