SOX Compliance... There's More
I met a prospect recently that must comply with multiple regulations including SOX (AKA The Sarbanes Oxley Act of 2002). Like many other large organizations they should meet multiple mandates, but SOX is a top priority.
As we know, SOX has put stringent regulations on the corporate governance of publicly traded companies to ensure the protection and validation of all financial data and the IT component of SOX compliance becomes increasingly important. Implementing the required controls can be an expensive project and it might require multiple projects, since those requirements typically touch every business process and every business application like Oracle EBS, SAP, PeopleSoft and the like that touches financial data stored in databases. In addition, IT is chartered not only to set and enforce data access controls for business systems, but also to show that the controls are followed, and report any instances of violations. Many times, organizations are looking to implement a check mark solution, using cheap products or using native auditing.
During a discussion I found out that they also use the ERP systems to manage HR information and they have some other systems that contain customer PII.
While the risk and compliance officer was talking with me, it became clear to him that they actually need a system that can automate different compliance needs. At that moment we were able to change the discussion topic from SecureSphere is a great product but it does more than I really need" to How can I use SecureSphere to assist me with my overall compliance program. Then, the rest of the discussion was really interesting...
To learn more about Imperva's solutions for SOX visit the database auditing solutions page and theautomated compliance reporting page.
