Sarbanes-Oxley Act (SOX) Compliance

Fortanix provides comprehensive controls like data-at-rest encryption, granular access controls and confidential computing to allow corporations to meet the data security standards as mandated by the Sarbanes-Oxley Act.

Overview

Passed in 2002, by the United States Congress, the  Sarbanes-Oxley Act (SOX) was designed to improve the accuracy of corporate disclosures. Section 302 and 304 of the Act set standards for data protection.

The Sarbanes-Oxley Act was introduced in the USA in 2002. Congressmen Paul Sarbanes and Michael Oxley introduced and worked on putting the compliance act together to ensure more accountability among corporations and improve corporate governance. This was done considering large scandals that erupted among the financial organizations of the nation.
sox security compliance overview

Some data security requirements as mandated by SOX are as follows-

Section 302- is focused on design and documentation of internal controls for transparent disclosure of material information. The section requires the signing officer to specify-

  • Any significant changes to corporate internal controls of financial reporting that haven’t already been reported.
  • Any incidents of fraudulent activities from internal employees that the signing officer is aware of.

In short, the section warrants the signing officer to oversee the internal controls in place for accessing relevant financial information and, have a record of who has accessed what data or information and when.

Section 404- requires the management to implement internal controls and procedures for transparent financial reporting and, carry out auditing on a yearly basis.

What’s required-

To enforce these requirements, corporations need to implement strong data security with granular and controlled access to data and keys. Some of these controls are-Encryption, Role-based access controls and Tamper-proof audit logging.

What We Do

Encryption-As-A-Service

Encryption-As-A-Service

Fortanix solution delivers a cloud-scale pervasive data security platform that provides cryptographic services, secrets management, and tokenization across cloud and on-premises environments from a single centralized point of management, control, and audit. 
Tamper Proof Audit Logging

Tamper Proof Audit Logging

Fortanix logs every action performed into a centralized audit log. Integrate a data access audit trail to a corporate SIEM or similar platforms.
Centralized Policy Management And Controls

Centralized Policy Management And Controls

Policy management and quorum approvals that can integrate seamlessly with existing authentication identity providers. Role-based access controls (RBAC) provides added security and controls.

How Fortanix can help you meet SOX compliance?

Enforce internal data controls with advanced capabilities

Enforce internal data controls with advanced capabilities

Fortanix allows a quorum policy to be set on a group in an account, such that every security-sensitive operation in the group requires a quorum approval to be obtained. Greater access controls can also be enforced with capabilities like ownership and control of Keys through External key management capability, Role-based access controls and different authorization mechanisms including time-based, role-based, key-based, quorum-based and LDAP authorization.
Secure keys inside FIPS 140-2 Level 3 certified HSM

Secure keys inside FIPS 140-2 Level 3 certified HSM

FIPS 140-2 Level 3 HSM available as a service- Inbuilt encryption and Key Management, HSM capability to store sensitive data keys.
Comprehensive data security platform

Comprehensive data security platform

Fortanix Data Security Manager (DSM) SaaS provides integrated data security with encryption, multicloud key management, tokenization, and other capabilities from one platform, delivered-as-a-service. The service is built on Confidential Computing technology to protect sensitive data across its lifecycle.
Background Image

Want to know more?
Talk to our data security experts now!

contact sales
ccm laptop Image
Fortanix-logo

4.6

star-ratingsgartner-logo

As of August 2023

SOC-2 Type-2ISO 27001FIPSGartner LogoPCI DSS Compliant

US

Europe

India

Singapore

3910 Freedom Circle, Suite 104,
Santa Clara CA 95054

+1 408-214 - 4760|[email protected]

High Tech Campus 5,
5656 AE Eindhoven, The Netherlands

+31850608282

UrbanVault 460,First Floor,C S TOWERS,17th Cross Rd, 4th Sector,HSR Layout, Bengaluru,Karnataka 560102

+91 080-41749241

T30 Cecil St. #19-08 Prudential Tower,Singapore 049712