The Sarbanes-Oxley Act requires U.S. public companies to maintain and assess internal control over financial reporting (ICFR), including the IT general controls that support financial systems.
The Sarbanes-Oxley Act is U.S. law enacted to protect investors by improving the accuracy of corporate financial reporting. For technology teams, its practical impact is IT general controls (ITGCs) — controls over access, change management, and operations of the systems that support financial reporting. Section 404 requires management to assess internal control over financial reporting (ICFR), and external auditors attest to it for applicable filers.
SOX compliance is an annual, ongoing obligation tied to financial reporting cycles rather than a one-time certification. The work centers on operating and evidencing ITGCs throughout the year.
This page presents public information about the framework itself. We don't claim certifications, assessment status, or authorizations for our own product.
How the platform supports your SOX program — from first scope to ongoing monitoring.
Determine which systems support financial reporting and fall under ITGC scope.
Connect access, change, and operations controls to tests and evidence.
Keep access and change-management controls monitored throughout the year.
Organize evidence for management's assessment and the external auditor.
Public, high-level control or requirement areas — for orientation, not a complete control list.
SOX shares controls with frameworks you may already run. A passing test can satisfy requirements in more than one place — so adding the next framework means reusing work, not repeating it.
IT general controls govern access to programs and data, change management, and computer operations for systems that support financial reporting.
SOX and the frameworks you may already run share many access and change-management controls, so security evidence can often be reused via cross-mapping.
Section 404 requires management to assess the effectiveness of internal control over financial reporting, with external auditor attestation for applicable filers.