The Sarbanes-Oxley Act (SOX) regulates financial reporting and auditing of publicly traded companies. The law establishes strict requirements for reporting, disclosure, and internal controls and defines penalties for non-compliance. The SOX Act forms a structure for corporate governance, establishing higher levels of fiscal accountability for U.S. businesses. Company officers could face criminal litigation and penalties if found to be non-compliant.
Sections 302 and 304 of the Sarbanes-Oxley (SOX) Act set standards related to data protection, applying to US public companies and accounting firms.
Thales can help organizations meet Sarbanes-Oxley (SOX) compliance requirements through:
Sarbanes-Oxley Act section 404 has two major compliance requirements:
Sarbanes-Oxley Act section 302 expands this with compliance requirements to:
The SOX compliance requirement implications for public companies to protect data are:
Thales provides key portions of the solution to Sarbanes-Oxley (SOX) compliance problems, providing security controls that enable organizations to safeguard and audit the integrity of financial data across widespread heterogeneous infrastructures. These portions of SOX compliance solutions include virtualized environments and cloud implementations, with big data usage as well as within traditional data centers against a broad range of threats against data.
The combination of encryption, integrated key management and access controls meets the needs for creating and maintaining access controls to financial data. Only authorized personnel and programs see decrypted information, while all others have no access to the data. Security intelligence information from Thales details who accesses data, leaving a clear audit trail. This enables extended security controls for recognizing compromised accounts. This single platform solution to multiple data protection needs helps organizations meet Sarbanes-Oxley compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.
Thales’ SafeNet multi-factor authentication secures access to corporate networks, protecting the identities of users, and ensuring that a user is who he or she claims to be.
Vormetric Transparent Encryption from Thales provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls extend protection from data breaches by limiting data access to only authorized personnel and programs. And data access monitoring provides the security intelligence information required to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.
SafeNet FIPS-certified network encryption devices from Thales offer proven high-assurance network security for your sensitive data in motion, including real-time video and voice.
Vormetric Application Encryption from Thales adds another layer of protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.
Vormetric Key Management from Thales enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.
Thales Hardware Security Modules (HSMs) provide reliable protection for transactions, identities, and applications by securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services.
Le RGPD est peut-être la norme de confidentialité des données la plus complète à ce jour. Elle concerne toute organisation qui traite les données personnelles des citoyens de l'UE - quel que soit le lieu du siège de l'organisation.
Toute organisation qui joue un rôle dans le traitement des paiements par carte de crédit et de débit doit se conformer aux exigences strictes de conformité PCI DSS pour le traitement, le stockage et la transmission des données de compte.
Partout dans le monde, des nouvelles exigences en matière de notification des brèches de données ont vu le jour suite à la perte d'informations personnelles. Elles varient selon les juridictions mais comprennent presque toutes une clause de "safe harbour".
Également connue sous le nom de Financial Services Modernization Act, le GLBA s’applique aux institutions financières américaines et régit le traitement sécurisé des informations personnelles non publiques, y compris les dossiers financiers et autres informations personnelles.
The National Credit Union Administration conducts audits of credit unions based on principles and standards outlined by the Federal Financial Institutions Examination Council (FFIEC). The FFIEC standards call for numerous security controls, including data access controls, encryption and key management and security monitoring.