Using ISMS results to prove SOX-ITGC controls
Can I use ISMS results to prove SOX-ITGC controls?
IT General Controls (ITGC) are controls that are common to IT processes, providing stable and effective operation of application controls. They cover fields like creation/acquisition of systems, SDLC Process, access control, backup, change control, etc.
SOX is a United States federal law that sets requirements for improving the accuracy and reliability of financial disclosures of organizations trading on U.S. territory.
Considering that, an ISMS compliant with ISO 27001 can be one way to fulfill the requirements of SOX-ITGC.
However, being compliant with ISO 27001 would not give you full compliance with SOX-ITGC; this could only be a part of your compliance effort.
For more information, please see:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- How can ISO 27001 help you comply with SOX section 404 https://advisera.com/27001academy/blog/2017/11/21/how-can-iso-27001-help-you-comply-with-sox-section-404/
Oct 25, 2022