Network Encryption from CipherOptics
 
 


Sarbanes-Oxley Security Compliance

The Sarbanes-Oxley Act (also known as the Public Company Accounting Reform and Investor Protection Act of 2002) was enacted to increase regulatory visibility and accountability of public companies and their financial health. Sarbanes-Oxley is currently law, and even smaller companies are now required to comply with the critical Section 404 for fiscal years beginning on or after Dec. 16, 2006.

How does CipherOptics help?
CipherOptics CipherEngine enables Secure Information Sharing, which assures the confidentiality, authenticity, and integrity of data in motion on any network. Our approach to protecting both your network and your data is to deny access to everyone, permit by exception. With that as our driving force, our solutions provide you with both encryption and authentication of all your critical information.

We use 256-bit AES encryption, which is approved by the government for "sensitive but unclassified" information. Our solutions authenticate networks and packets as well as protect data, using the robust Secure Hash Algorithm (SHA-1) to verify the integrity of the data and rejecting any packets that have been manipulated or altered.

SOX security compliance requires a layered approach to network and data security. CipherEngine is an important component of this comprehensive security strategy. By protecting confidential data, CipherEngine dovetails with perimeter security and ID management for best practices and SOX regulatory compliance.

What does CipherOptics do?
CipherOptics is the leader in network-wide encryption. Offering an innovative policy and key management solution, coupled with high-speed, low-latency encryption technology, CipherOptics helps its customers mitigate the risk of data leakage, loss and theft over any network.

Who is affected by SOX?
All corporations that fall under the jurisdiction of the U.S. Securities and Exchange Commission are subject to SOX requirements. This essentially means any publicly traded company must abide by SOX. The Act directly affects all publicly traded companies, financial services companies, CPAs and CPA firms, as well as attorneys of publicly traded companies. In addition, private firms interested in going public, or that may be the target of an acquisition or merger by a public firm, will also fall under SOX scrutiny to ensure compliance of the final entity.

What are the requirements of SOX?
Sarbanes-Oxley is a broad act that addresses a number of accountability issues. The most relevant requirements of the law are the following:
  • CEOs and CFOs must attest to the accuracy of financial statements and disclosures in the periodic report. (Section 302)
  • Companies are responsible for having adequate internal control structure and procedures for financial reporting. Management must assess these internal controls. (Section 404)
  • Companies must provide real-time disclosures of any events that may affect a firm's stock price or financial performance within a 48-hour period. (Section 409)
  • Companies must protect and retain financial audit records. (Section 802)

Related SEC releases define internal controls and procedures for financial reporting as controls that provide reasonable assurances that:
  • Transactions are properly authorized.
  • Assets are safeguarded against unauthorized or improper use.
  • Transactions are properly recorded to permit the preparation of financial statements that are presented in a manner consistent with GAAP.

To meet the assessment requirement, management must select a suitable, recognized framework for assessing the effectiveness of internal controls.

Two popular control frameworks are COSO (Committee of Sponsoring Organizations) and COBIT (Control Objectives for Information and Related Technologies). COSO focuses on controls for financial processes, and COBIT focuses on IT.

What are the penalties for SOX non-compliance?
The SEC has directed national securities exchanges and associations to prohibit the listing of securities of a non-compliant company. If material non-compliance causes the company to restate its financials, the CEO and CFO forfeit any bonuses and other incentives received during the 12-month period following the first filing of the erroneous financials. SOX takes specific note of violations involving destruction or falsification of documents or records related to any federal investigation or bankruptcy proceeding. Personal penalties range from fines of up to $1 million to prison sentences of not more than 20 years for "whoever knowingly alters, destroys, mutilates" any record or document with the intent to impede an investigation.

How do companies comply with SOX?
The combination of the various SOX requirements means that CEOs and CFOs must attest to having the proper "internal controls" at their companies to protect against data tampering. The data protection requirements for data center infrastructures include:
  • Guaranteed, no-excuse access to information
  • Processes and controls to ensure access to information
  • Separation and protection of information before it is widely disclosed

In short, complying companies must ensure the long-term retention, security, integrity, and availability of data. They must also ensure the authenticity and integrity of data in motion.

Helpful Resources
Full Text of the Sarbanes-Oxley Act
Summary of the Provisions of the Sarbanes-Oxley Act