Section 404 SOX Compliance
A complete federated identity access management and collaboration platform to comply with Sarbanes-Oxley.
Business problem
The Sarbanes-Oxley Act (SOX) was passed to reform the accounting practices, financial disclosures and corporate governance of public companies.
Section 404 of SOX requires management to perform an annual assessment of internal controls over financial disclosures and to obtain attestation from external auditors.
Compliance requires major changes in corporate governance, accounting, auditing and financial reporting practices. It requires companies to strengthen and document their internal controls and corporate IT systems to support the affected business processes. It requires adherence to structured, documented identity access management security practices that protect information.
Compliance creates new demands on IT. Systems once thought to be secure and capable of maintaining user confidentiality must be re-examined. Unauthorized access to systems and the data they contain may unwittingly permit individuals to alter information or commit acts of fraud that may damage the company and cause it to violate regulatory standards.
SOX is just one of many pieces of legislation that require this level of compliance: the Gramm-Leach-Bliley Act (GLB), 21 CFR Part 11, HIPAA, and the California Database Security Breach Notification Act are examples of the many such laws enacted within the last several years.
Solution
Ensure that only authorized users are allowed access to systems.
Employ access granularity that specifically defines what people can view or actions they can take once they have gained access to the systems. For example, a financial analyst may be granted access to view financial data for report construction but not be allowed to initiate a transaction or modify the information.
Maintain centralized control over who is authorized to access particular systems and what information within each system they are authorized to access, and when a user leaves the company, ensure their access rights are completely revoked from all systems.