The Sarbanes–Oxley Act, also known as the 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and 'Corporate and Auditing Accountability and Responsibility Act' (in the House) and commonly called Sarbanes–Oxley, Sarbox or SoX, is a United States federal law enacted on July 30, 2002, which set new or enhanced standards for all U.S. public company boards, management and public accounting firms. 

Sarbanes-Oxley Information Security

The principal section of the Sarbanes-Oxley Act which relates to "Information Technology" Section 404 (commonly referred to as SoX-404).

SoX 404 is designed to ensure that there are sufficient controls to prevent fraud, misuse and/or loss of financial data and transactions.  These controls must be effective and be able to rapidly detect problems as they occur in order to limit damage.

Protection of Sensitive User Information

The entire process of  information collection, processing and storage needs careful scrutinization in order to protect:  customer names & account numbers, passwords, Social Security numbers, driver’s license numbers, birth dates, etc. 

Consideration needs given to:  Front-End Security, Back-End Security, and Perimeter (Network) Security.  If your firm would like to engage Metro Data, Inc. to assist your I.T. department, provide independent review, or to perform testing, please contact us today at 410-667-3600.