Download SOX Compliance Checklist: PDF
SOX Compliance Checklist
Change Control Checklist
ERP Change Requirements:
☐ Written policies regarding how changes to the system and the software are approved, documented and tracked
☐ Controls in place for adding system users or changing existing user passwords and access levels
☐ Controls in place regarding changes within the application itself, such as upgrades and new modules
☐ Control policies establishing a process for change requests and tracking who is authorized to make change requests
Why Cloud ERP for SOX?
“65%-70% of SOX compliant businesses are spending an increased amount of time on SOX compliance processes. Cloud ERP from the right provider can streamline your SOX accounting and reporting practices.”
Logical Access Control Checklist
ERP Access Requirements:
☐ Strict controls and advanced hardware & software tools used to restrict access and prevent breaches
☐ Policies and procedures in place to ensure any user access changes are authorized and processed in a timely manner
☐ Controls to ensure system security regarding user passwords, firewalls and encryption
☐ Policies establishing controls for the maintenance of user level access restrictions
“It is important that a cloud services provider offers the highest levels of IT monitoring, firewall protection and encryption, but they must also follow strict policies around password naming schemes and password resets to ensure the authenticity of data.”
Physical Security Control Checklist
ERP Security Requirements:
☐ Multi-factor security infrastructure at data center sites, including video surveillance, alarmed access and egress points, Kevlar-impregnated drywall, bulletproof glass and NOC security personnel on-site 24/7/365
☐ Data centers which regularly undergo independent audits to verify security is working effectively
☐ Documentation available to verify recent SOC 1 Type II Certification of the data center in a timely manner
☐ Data physically separated on servers with secured ports
“Cloud based accounting requires a full service cloud hosting partner. While many cloud providers can offer server environments with SSAE 16 Type 2 compliance, few cloud providers offer ongoing support for application availability, upgrades and compliance.”
IT Operations Control Checklist
ERP Cloud Requirements:
☐ 24/7/365 customer service for application availability & cloud support
☐ Strict controls around accessing customer data, audit traceability and documentation
☐ System monitoring, intrusion detection and customer notification of security events
☐ Standardized policy for tracking and responding to service requests
☐ Controls in place to ensure systems are maintained in accordance with SOX policies
Additional Benefits of SOX Compliance:
“78% of businesses that adhere to SOX guidelines experience improvement of all business processes that impact financial reporting. SOX guidelines are a set of accounting best practices.”
Backup & Recovery Control Checklist
ERP Backup Requirements:
☐ Strict daily, weekly, monthly and annual backup schedule
☐ Tailored backup and recovery plan to fit your company’s needs and schedule
☐ Regular “test” restores to validate backup plan
☐ Recovery policies ensuring data integrity during Force Majeure events
☐ Redundant power and fire suppression systems at data centers
☐ Redundant backup sites with a copy of the backup retained offsite from the data center
“The hoster should provide adequate documentation of successful backups along with periodic restore data from the backup media to allow you and your auditors to test and verify it. This allows your business to check that restore data is accurate and consistent with live data.”
The post SOX Compliance Checklist appeared first on RoseASP.