The Sarbanes-Oxley Act of 2002 (popularly known as 'SoX' or 'SOX') was passed to ensure that corporate executives are held responsible for establishing, evaluating and monitoring the effectiveness of internal controls over their financial reporting.

To ensure compliance, SOX has provisions that include both criminal and civil penalties for any violations:

1. Section 302 requires the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) to certify that the financial reports are true and accurate, and that adequate controls exist over financial reporting and disclosure.

2. Section 404 describes these controls, requires that certification be reasonable and requires that outside auditors certify the existence of adequate controls over financial reporting.

3. Section 409 requires prompt reporting of any changes in financial condition that might be material to investors.

4. Section 802 mandates that companies and their auditors retain accounting documents and work papers for a minimum of seven years.

SOX specifically focuses on the accuracy of a company's financial records and controls around these records related to income, expenses, accounting, liabilities and so on.

Network security is a fundamental component of SOX compliance as a result of Auditing Standard 2 of the Public Companies Accounting Oversight Board (the PCAOB), which was created as a result of SOX to define auditing standards.

This standard states that senior management is responsible not only for financial information but also for the way that information is generated, accessed, collected, stored, processed and transmitted.

Now let us understand who gets impacted by the SOX,

Any company that is publicly traded in the United States is subject to SOX, including all their divisions and wholly owned subsidiaries. Also affected is any non-US public multinational company doing business in the United States. Finally, although not mandatory at this time, any private firm may wish to comply with the SOX financial framework requirements in preparation for an initial public offering (IPO), for private funding or for achieving a 'best practices' benchmark.

Any solution that addresses the issues raised by SOX requires a layered, integrated approach to security. A controls framework, such as International Organization for Standardization (ISO) 17799 / ISO & 27001 (previously BS 7799 ), or a process framework, such as Control Objective for Information and Related Technology (COBIT), can provide an organization with a best practice approach that underpins SOX compliance.