For many organizations, compliance with data security standards doesn’t seem to be getting easier. IT security
compliance efforts are forever competing with projects to address pressing information security threats, operational
vulnerabilities and daily business risks, and all too often they lose out in the battle for resources and funding.
This paper addresses this area of IT security compliance from an auditor’s perspective for the Sarbanes-Oxley Act (SOX). Although SOX represents only a portion of the total scope of internal control obligations faced by most organizations, it is a critical piece of the compliance challenge, and the solutions recommended here for SOX compliance will help your organization achieve and demonstrate compliance with other security mandates as well.