Sarbanes-Oxley and IT Regulations
Preparing for Sarbanes-Oxley
(SOX) Section 404 requires a structured and measured approach; otherwise
an organization will find itself doing "too much" or "too little". The
current PCAOB rules require auditors to attest to management's assessment
process. As such, the readiness roadmap that Polar Cove clients follow
serves to demonstrate that assessment process through a series of steps
and activities that align with the PCAOB rules and CobiT guidelines.
Polar Cove has expertise and extensive
experience in IT Controls and Frameworks. Our certified professionals
are familiar with all aspects of COSO and CobiT. As a consulting service,
Polar Cove works with top management, helping to ensure that decisions
about SOX compliance meet both the needs of each company and the requirements
of SOX.
Polar Cove compliance assessment
includes these and other requirements:
United States of America
- US Government Information Security Reform Act of 2000, Section
3534(a)(1)(A)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA).
- OCR HIPAA Privacy TA 164.502E.001, Business Associates [45 CFR
§§ 160.103, 164.502(e), 164.514(e)]
- OCR HIPAA Privacy TA 164.514E.001, Health-Related Communications
and Marketing [45 CFR §§ 164.501, 164.514(e)]
- OCR HIPAA Privacy TA 164.502B.001, Minimum Necessary [45 CFR §§
164.502(b), 164.514(d)]
- OCR HIPAA Privacy TA 164.501.002, Payment [45 CFR 164.501]
Canada
- Quebec's provincial Act Respecting the Protection of Personal
Information in the Private Sector (1993).
United Kingdom
- UK Data Protection Act 1998
Australia
- Privacy Act 1988 (Cth), Act No. 119 of 1988 as amended, in the
consolidation prepared on 2 August 2001 incorporating amendments up to
Act No. 55 of 2001. The Privacy Act seeks to balance individual privacy
with the public interest in law enforcement and the regulatory
objectives of government.
- National Privacy Principle (NPP) 6 provides that an individual has
a right of access to the personal information an organization holds
about them.
- National Privacy Principle (NPP) 4.1 provides that an organization
must take reasonable steps to protect the personal information it holds
from misuse and loss, and from unauthorized access, modification or
disclosure.
ISO/IEC 17799:2000 (BS 7799)
Polar Cove's Compliance Audit complies with the remote auditing and
testing requirements of BS 7799 (and its international equivalent,
ISO/IEC 17799) for information security testing.
GAO and FISCAM
Polar Cove's Compliance Audit complies with the control activities
found in the Federal Information System Controls Audit Manual (FISCAM)
of the US Government Accountability Office (GAO, formerly the General
Accounting Office) where they apply to network security.
CASPR
Polar Cove's Compliance Audit follows the best practices and guidelines
set forth, through document control and peer review, by the members of
Commonly Accepted Security Practices and Recommendations (CASPR), and
thereby meets the CASPR best-practices need for security testing in
Internet security.
OWASP
Polar Cove's Compliance Audit complies with the remote security testing
and auditing guidance for web applications published by the Open Web
Application Security Project (OWASP).
SET
Polar Cove's Compliance Audit fully incorporates the remote auditing test
from the SET Secure Electronic Transaction™ Compliance Testing Policies
and Procedures, Version 4.1, February 22, 2000.

© 2006 Polar Cove