Resources

After a slew of major corporate and accounting scandals in the U.S., the government enacted the Sarbanes-Oxley Act of 2002 (SOX). There are 11 sections to the Act; the two most important for security and compliance are Sections 302 and 404, which deal with internal controls. 

The tricky part comes with the mechanisms for compliance -- SOX does not mandate a control framework for abiding by its rules. Instead, it requires "management to base its evaluation of the effectiveness of the company's ICFR on a suitable, recognized control framework." Most choose either the COSO (Committee of Sponsoring Organizations) or COBIT (Control Objectives of Information and Related Technology).

This mapping guide outlines how Imprivata FairWarning maps to COBIT's processes for managing human resources, suppliers, risk, and security to bring you in compliance with SOX.