Sarbanes-Oxley Compliance Demands IT Change Control And Management

The changing IT compliance landscape presents companies with an ongoing need for accountability, control, and security around their technology systems. Federal regulations such as Sarbanes-Oxley (SOX), the HIPAA Security Rule, and Gramm-Leach-Bliley Act were created and mandated to curb corporate corruption, protect individual privacy, and strengthen overall information security. These federal regulations all require change control and management capabilities within information technology systems.

The SOX regulation focuses on the general controls surrounding the financial systems of publicly traded companies. Private companies, however, are feeling a ripple effect from this federal regulation as public companies ask their "privately held" suppliers and vendors to demonstrate what has become known as "SOX-like" compliance. This is being done in order to better control the integrity of shared data systems and manage compliance risks that public companies associate with these business relationships.

Today's SOX world mandates that regulated companies must perform periodic testing and assessment to confirm that their software and network infrastructure is appropriately configured. Along with this, the regulation requires that a problem management system must be defined and in place to ensure that operational events that are not standard operation (incidents, problems and errors) are recorded, analyzed, and resolved in a timely manner. The problem management system must also provide for adequate audit trails, which allow tracing from incident to underlying cause.