Among the many requirements mandated by the Sarbanes-Oxley Act is timely reporting on a companys level of compliance. Once the firms starting point has been determined, long-term compliance monitoring is the next step, involving software and systems that provide the security and electronic audit trails necessary to guarantee ongoing compliance.
Ecora Software Corp. announced the latest version of its Enterprise Auditor software suite on Monday. The updated suite includes a new SOX (Sarbanes-Oxley) Report Pack that helps IT staffs prepare documents to prove compliance with SarbOx mandates in an ongoing and timely manner.
Ecora developed the SOX Report Pack for Enterprise Auditor to help companies understand valid internal controls as specified by SarbOx.
The SOX Report Pack ships with a working template of IT internal controls and automates data collection and reporting. The product includes 25 reports, organized within six categories, which can be used to test IT controls and demonstrate compliance.
The report categories are Confirm Access Rights, Ensure Ability to Track User Activity, Ensure Only Required Applications and Services, Ensure Password Policies, Ensure Security Configurations, and Protect Against Viruses, Malicious Code and Unauthorized Software.
“There is no one-size-fits-all checklist showing how to comply with SOX,” said Scott Carpenter, Enterprise Auditor product manager for Ecora. “So we worked with our customers to build examples of how to demonstrate the integrity of systems that house sensitive information. The resulting SOX Report Pack is resulting in dramatic time-saving by identifying and developing the reports users need for SOX compliance right out of the box.”
Enterprise Auditor features change-tracking capability that can provide a single report that identifies changes to all supported platforms.
Users drag and drop the configuration settings on which they need to report, while Visio diagrams are generated that provide network illustrations of the systems and configurations for the reports.
Randy Samora, systems administrator with Landata Technologies Inc., is an Enterprise Auditor, and appreciates the ways the package saves him time.
“Weve been using Enterprise Auditor for a while, so we were well prepared to meet SOX requirements. When we had an event that changed all the permissions on a server, we were able to use the Ecora software to quickly recover and identify all the appropriate permissions. Situations such as that demonstrate that we have the necessary controls for SOX compliance,” Samora said.
The latest version of Enterprise Auditor offers a set of modules that collect configuration settings specifically for each of the platforms it supports.
This includes Windows servers and workstations, HP-UX, IBM AIX, Sun Solaris, Red Hat Linux, Novell Netware, Novell Directory Services, Cisco, MS-SQL, Exchange, IIS (Internet Information Services), Active Directory and Oracle. It also has an updated Lotus Domino module that provides access to reports, automatic alerting and archival capabilities.
“Companies are just now learning of the time and costs associated with the internal controls provisions stated under Section 404 of the Sarbanes-Oxley Act,” said Alex Bakman, founder and CEO of Ecora.
“With Enterprise Auditor, weve made multiplatform configuration reporting such a simplistic task that our customers are moving from a reactive to a proactive mode in how they approach SOX compliance,” Bakman said.
Enterprise Auditors updated Windows module now collects critical configuration settings for Terminal Services, Scheduled Jobs and SNMP settings, which are the focus of many security audits.
Similarly, the suites Citrix module collects data on ICA Keep Alive farm settings, Citrix connections, Data Store settings, the ICA Client Update Databases and the Citrix SSL Relay Configuration.
Enterprise Auditor for Windows Servers and Enterprise Auditor for Unix/Linux Servers are priced at $995 per server.