Information Governance and IT security remain a high priority for all organisations.  Complying with regulatory requirements is essential to avoid reputational damage, fines, the high costs of litigation, as well as the costs of putting issues right.  Many organisations rely on NETconsent policy management software because it cost-effectively automates the whole policy management process, so that everyone within the organisation understands their information responsibilities.

NETconsent supports adherence to Sarbanes-Oxley through:
  • Electronic acceptance of policies at logon - the most practical, reliable, and cost-effective method of ensuring that all users read as well as accept information assurance and other IT usage policies.
  • Recording information about when a user accepted or declined a policy - so there is no ambiguity over policy version control.
  • Distribution of policies - associated with job type without the administrative burden associated with more traditional record keeping.
  • Providing proof of job function awareness - by testing understanding, which also supports identifying knowledge gaps and enabling risk mitigation.
  • Real-time management reports - that show overall levels of compliance crucial to improving IT governance.

NETconsent also provides a 'greener' alternative to paper as policies do not require printing.

About Sarbanes-Oxley Act

The Sarbanes-Oxley Act is legislation introduced in the USA following the WorldCom and Enron financial scandals. It aims to protect shareholders and the public from the consequences of financial malpractice and accounting fraud. The act is administered by the Securities and Exchange Commission (SEC).
Sarbanes-Oxley Requirements
  • Restrictions on the types of trade allowed within a company
  • Auditable systems to record transactions
  • A ban on personal loans to officers and directors
  • Regulation of audit committee responsibilities
  • Protection for whistle blowers
  • Record retention period of at least 5 years for some documents
  • Archiving and monitoring of communications
Challenges of Sarbanes-Oxley

One of the major compliance challenges of this regulatory environment is the evolving nature of enforcement standards.  Organisations find that they must continually develop new policies and procedures no matter what their size.  Technology that can simplify the auditing of internal controls whilst reduce the costs of compliance, is key to meeting the ongoing requirements.