The Sarbanes-Oxley Act (SOX) was introduced in the USA in 2002. Congressmen Paul Sarbanes and Michael Oxley introduced and worked on putting the compliance act together to ensure more accountability among corporations and to improve corporate governance. It was enacted in the wake of the large scandals that had erupted among the nation's financial organizations.
Some of the data security requirements mandated by SOX are as follows:
Section 302 focuses on the design and documentation of internal controls for the transparent disclosure of material information. The section requires the signing officer to specify:
- Any significant changes to corporate internal controls of financial reporting that haven’t already been reported.
- Any incidents of fraudulent activity by internal employees that the signing officer is aware of.
In short, the section requires the signing officer to oversee the internal controls in place for accessing relevant financial information, and to have a record of who accessed what data or information and when.
Section 404 requires management to implement internal controls and procedures for transparent financial reporting, and to carry out auditing on a yearly basis.
To enforce these requirements, corporations need to implement strong data security with granular, controlled access to data and keys. Some of these controls are encryption, role-based access control and tamper-proof audit logging.