Mantra Data Audit and Compliance Solution for Section 404 of the Sarbanes Oxley Act
Section 404 of the Sarbanes-Oxley (SOX) Act requires you to create and monitor controls of systems that affect your ability to deliver accurate financial reports. It also makes company management responsible for this "internal control" over financial reporting.
What exactly is "internal control"? It's a system of checks and balances to ensure that changes to your applications and software systems do not adversely affect your financial transactions or reports. Firms that conduct SOX audits will check to make sure that these controls are in place, and require reports (sometimes called "Attestation" reports) to back up your claims of Sarbanes Oxley compliance. Companies following the COSO/COBIT control framework also need to reconstruct what actually happened to specific data, including time sequences for processing and related activities.
To meet these requirements, companies are automating internal control infrastructure. The focus is no longer on merely understanding who has access to information. Rather, the key is to continuously monitor database activity, especially high-risk activities like privileged user behavior, direct access to sensitive data stores, user privilege escalation, failed logins, and failed database operations.
To help in your SOX compliance efforts, best practices are now established. The recommended controls are:
- Continuously monitor all database changes, including changes to data structures.
- Monitor the activity of privileged users who have the highest level of access to systems.
- Enforce segregation of duties based on user roles.
- Integrate with corporate change control systems to ensure only approved changes are taking place.
- Provide regular summary and detailed reports on all data activity.
By automating these controls, you will meet SOX audit requirements, avoid a failed audit and save time and money by eliminating manual processes.
Netezza Mantra for SOX: pre-defined templates for SOX 404 compliance
The Mantra SOX template simplifies auditing for SOX 404 compliance. It provides real-time monitoring, logging, and auditing of Sarbanes-Oxley-mandated user activity. It also tracks the activity of users and administrators, isolates specific compliance violations, and gives you pre-defined policies that automatically:
- Monitor all user activity with mission-critical applications and data.
- Monitor privileged user activity to ensure accuracy of financial information.
- Address segregation of duties (privileged user data is stored outside of the control of the users being monitored).
- Correlate all database and file server changes to the company’s change control systems.
- Create detailed compliance reports on all privileged user database activity, from privilege escalation events and failed logins to schema changes and direct SQL access events.
Mantra’s change control feature also allows you to easily track database changes and reconcile them with change control tickets, ensuring that only authorized changes were made to the database.
Mantra is a high-performance network appliance that continuously monitors both network and local data traffic to database and file servers. Mantra is quick to deploy and very easy to use. It is non-intrusive, does not require any agents, and has no performance impact on production databases. Patent-pending Behavioral Fingerprinting® technology identifies anomalous or suspicious user behavior in real time, preventing unauthorized data access such as data theft and breaches.