Posts Tagged ‘SOX’

Legal Requirements for Information Security and Privacy Awareness and Training

Wednesday, March 30th, 2011

Earlier today following my online seminar, “Effective Training and Awareness: The Key to Information Security Success”  (, I received the following question: 

 Where might I locate a summary breakdown of training regulations by industry? i.e. Pharma 


Supporting Compliance With ITIL

Tuesday, December 18th, 2007

Organizations have faced legal and regulatory requirements for literally decades. However, IT compliance is relatively young.
U.S. healthcare organizations reacted with alarm over the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The U.S. financial organizations soon followed suit with their reaction to the passage of the Gramm Leach Bliley Act (GLBA), also known as the Financial Modernization Act, of 1999. But probably the biggest whammy felt by the largest numbers of organizations was the passage of the Sarbanes Oxley (SOX) Act of 2002.


Use COSO for SOX and Other Compliance Activities

Sunday, September 23rd, 2007

On September 17 the COSO “Guidance on Monitoring Internal Control Systems” discussion document was released, with public comment on the paper being accepted until October 31.


Judge Finds Officers Not Accountable for SOX Report Errors

Saturday, September 1st, 2007

On August 21, 2007, there was a significant court decision made possibly impacting future Sarbanes-Oxley Act decisions in “CENTRAL LABORERS‚Äô PENSION FUND v.INTEGRATED ELECTRICAL SERVICES INC; HERBERT ALLEN; WILLIAM W REYNOLDS; JEFFREY PUGH


Laws, Standards, Mapping, and HIPAA

Friday, June 22nd, 2007

Today is the last day of Norwich University’s Masters programs residency week; this afternoon is graduation.
It has been a great week…I have loved chatting with the students and faculty, and I’ve compiled a page full of topics I want to research and blog about!


SEC Approved Multiple Compliance Guidance and Rules Documents For SOX, SMBs and Credit Rating Agencies

Thursday, May 24th, 2007

Yesterday the U.S. Securities and Exchange Commission (SEC) approved new guidance documents for SOX Section 404 compliance, modernization of smaller company capital — raising and disclosure requirements, and voted to adopt final rules to implement the Credit Rating Agency Reform Act of 2006.


Inefficient Compliance Activities Costs $$: Survey Says SOX Compliance Costs Were Down In 2006, But They Should Have Been Down More

Wednesday, May 23rd, 2007

On May 16 Financial Executives International (FEI) announced the results of their sixth Sarbanes-Oxley (SOX) compliance survey, based upon a poll of 200 companies subject to SOX. They’ll charge you $99 for the report if you aren’t an FEI member.
However, they give you some teasers on their site:


SOX Amendment Defeated: Information security and SMBs

Tuesday, May 1st, 2007

A week ago today (April 24, 2007) the senate defeated an amendment in a 35 – 62 vote for allowing more lax internal control reuiqements for small and medium sized businesses (SMBs) under the Sarbanes-Oxley Act (SOX).


SOX Compliance: Fraudsters Posing as Officials Selling “Compliance Solutions;” *NO* vendor Product Can Make an Organization 100% Compliant With ANY Regulation

Tuesday, April 24th, 2007

Something that has irritated me for a very long time are vendors who see a chance to make a quick buck off of worried organizations, afraid they are not going to be in compliance with new laws, and create junk products to sell to them using fear, uncertainty and doubt (FUD). FUD products.
I saw a lot of HIPAA FUD back when that regulation went into effect, and saw way too many people spending way too much money for so-called HIPAA security and privacy certifications offered by vendors who did not even have anyone on staff with any type of healthcare provider, payer or clearinghouse practitioner experience. Not to mention HIPAA compliance solutions.


PCAOB Formally Proposes New Auditing Standard for Section 404 of SOX

Wednesday, December 20th, 2006

Yesterday the SEC issued a press release regarding a Public Company Accounting Oversight Board (PCAOB) proposal for a new auditing standard for Section 404 of the Sarbanes-Oxley (SOX) Act. The goal of the proposal will be to strengthen investor protection while getting rid of what is referenced as the “unduly expensive and inefficient auditing standard under Section 404.”