Sarbanes-Oxley Policy Samples:
SOX
Section 404 of the Sarbanes-Oxley Act (SOX) requires companies to document their financial and Information Technology (IT) controls and attest to the effectiveness of the controls on an annual basis. This section provides access to Information Security Policy Framework templates (for example, policies and standards) that are needed to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.
SOX Policy Sample Library
This section provides the minimum set of Policy Framework templates (for example, Program Charter, policies, and standards) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA. Additional best practices policies and standards are provided for financial organizations that wish to exceed GLBA requirements and establish a more comprehensive Policy Framework.
- SOX Policy References
  - Policies are the broad rules for ensuring the protection of information assets, and for implementing a security strategy or program. Generally brief in length, policies are independent of particular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requirements.
- SOX Standard References
  - Standards provide more measurable criteria and specific requirements for satisfying the high-level objectives defined in the policies. This section provides non-technical standards and technical standards.
--Mdpeters 09:02, 14 July 2006 (EDT)