Boards of Directors of healthcare organizations are increasingly looking to Sarbanes-Oxley (SOX) as the framework for internal controls over financial reporting systems. SOX shapes technology priorities as well as security priorities within organizations.
The Sarbanes-Oxley Act of 2002, officially the U.S. Public Company Accounting Reform and Investor Protection Act of 2002 and commonly referred to as SOX, is having an impact on an organization's IT, and especially on its security systems, practices and controls. Non-compliance with SOX can result in fines and, for executives who knowingly certify false financial reports, a prison sentence.
SOX does not specifically address information security requirements. However, security has emerged as a key component of SOX compliance, because the financial reporting an organization certifies is only as trustworthy as the systems that produce it. The security implications of Section 404 in particular are the focus of this article. Enterprises require mechanisms that ensure the confidentiality, integrity and availability of their vital financial information; in other words, they require a proactive information security capability built into the infrastructure, not added afterward. IT professionals will be well served by being knowledgeable about this legislation and its impact on technology requirements for the enterprise infrastructure.
Many in the industry consider Section 404 to be the most critical part of SOX. Section 404 requires management to include in the annual report an internal control report that assesses the effectiveness of the company's internal control over financial reporting, and requires the external auditor to attest to that assessment. Because financial data is processed, stored and transmitted by IT systems, the access controls, change management and audit logging of those systems fall within the scope of that assessment.
A framework increasingly relied upon by businesses for compliance with regulations such as Sarbanes-Oxley is the IT Governance Institute's Control Objectives for Information and related Technology (COBIT). Another important standard that organizations need to review closely for information security is ISO 17799:2005 (later renumbered ISO/IEC 27002).
COBIT is a comprehensive framework that defines a set of IT control objectives organizations should meet to ensure that IT practices align with business and regulatory requirements. By adopting a framework such as COBIT, organizations can navigate the complex requirements of regulations and be positioned for efficient and effective compliance as further legislative changes are introduced. COBIT's IT control objectives map onto the Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control framework, the framework most commonly used for Section 404 assessments. COSO describes what internal control must achieve; COBIT supplies the IT-level control objectives that satisfy it, which is why implementing COBIT helps an organization meet SOX requirements.
For an updated quick reference guide on SOX, please contact AHA Solutions at technologysolutions@aha.org
For more information visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net
HIPAA Tip
Get HIPAA Certified Online!
CHP Exam is Now Online!
HIPAA Academy, the industry's leading provider of HIPAA training, certification and consulting, has made available online the content and exams for HIPAA Academy's Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSS). Recent clients include many hospitals, long-term care organizations, BCBS, several business associates and leading firms such as IBM, HP, E&Y, Kaiser Permanente and others. Review the content and take the exams online. Get certified. For details, please visit www.HIPAAAcademy.Net.
Compliance Portal Delivers 1-Click Access to Regulations!
ecfirst, the industry's leading provider of compliance training, certification and consulting, has launched the industry's most comprehensive compliance and security portal. Please visit www.ecfirst.com and click on Compliance Portal. The Compliance Portal provides one-click access to all major information security and associated compliance requirements, including HIPAA, PCI DSS, ISO 17799:2005 (ISO 27002), FISMA and many others.