What is SOX Cybersecurity?
The term “SOX Cybersecurity” refers to the cybersecurity practices and controls an organization implements to comply with the Sarbanes-Oxley Act (SOX), a US federal law. SOX applies to publicly traded corporations in the US and exists to protect financial investors by improving the accuracy and reliability of corporate disclosures.
SOX became law in response to the accounting scandals at Enron, WorldCom, Global Crossing, Tyco and Arthur Andersen, which resulted in billions of dollars in corporate and investor losses. These massive financial losses negatively impacted the financial markets and general investor trust.
SOX compliance itself is organized into eleven (11) sections, but sections 302, 404, 401, 409, 802 and 906 are the most important in terms of cybersecurity compliance. More specifically, SOX:
- Established new accountability standards for corporate boards and auditors;
- Established a Public Company Accounting Oversight Board (PCAOB) under the Securities and Exchange Commission (SEC); and
- Specified civil and criminal penalties for noncompliance.