Sarbanes-Oxley Policy Samples:

From HORSE - Holistic Operational Readiness Security Evaluation.

SOX

Section 404 of the Sarbanes-Oxley Act (SOX) requires companies to document their financial and Information Technology (IT) controls and attest to the effectiveness of the controls on an annual basis. This section provides access to Information Security Policy Framework templates (for example, policies and standards) that are needed to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.

SOX Policy Sample Library
This section provides sample Information Security Policy templates (for example, Program Charter, policies, and standards) that are needed to create, implement, and maintain an Information Security Program that complies with SOX Section 404.

SOX Policy References
Policies are the broad rules for ensuring the protection of information assets, and for implementing a security strategy or program. Generally brief in length, policies are independent of particular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requirements.


SOX Standard References
Standards provide more measurable criteria and specific requirements for satisfying the high-level objectives defined in the policies. This section provides non-technical standards and technical standards.


--Mdpeters 09:03, 14 July 2006 (EDT)