ADManager Plus Help Documents

Binding to the SOX regulations is not an option. It is rather a mandatory process that imposes all publicly-traded companies to submit an annual report containing details of their internal accounting structure to the Securities and Exchange Commission (SEC).

Non Compliance with SOX guidelines could lead to penalties including multi-million dollar fines, dismissal of exchange listings and in worst cases, even imprisonment of those officials involved in the misappropriation of financial data.

Enterprises today, depend on IT to manage the internal controls by providing a secure Identity and Access Management(IAM) solution so as to comply with the SOX guidelines. It has become the primary function of IT to ensure that all financial transactions and data entry are carried out only by authorized personnel.

SOX comprises multiple titles/sections, each corresponding to specific guidelines. However, Section 404 and (to a certain extent) Section 302 relate how IT can help achieve the SOX compliance. Section 409 is also considered important by some IT executives.

Active Directory is a secure, distributed, partitioned and replicated directory service that runs on Microsoft Windows based machines. Active Directory offers enterprises, significant assistance in the implementation of SOX standards, provided all financial data are stored in a Windows machine. The Active Directory provides:

• Adequate control over network identities and access permissions within the organization(IAM).
• Regular and central authentication of users by Administrators.
• Delegation and provision of access to the resources each user needs.
• A central repository of audit logs for tracking all access attempts.

In addition to the above features, Active Directory when governed by an auditing, logging and reporting tool can make remarkable contributions to meet SOX compliant audits needs.

• Security Policies and Procedures
• Risk Analysis and Management
• Disaster Recovery
• Auditing