We republished an editorial recently that I wrote early on when the Sarbanes Oxley Act (SOX) was starting to become a part of daily life for IT people. SOX was really written to the rest of the business, requiring accountability from the executives in a corporation. However it seemed to quickly become a burden for many IT departments, with the interpretations of the act requiring additional documentation for all actions. There were often security changes required that interfered with the way in which many technology groups operated.
The act was passed in 2002, nearly a decade ago. Now that it’s been a part of public corporate life, I wanted to ask the data professionals out there what they think of the act and its impact on their jobs. For this Friday’s poll:
Does SOX impact your work?
Is there an increased level of effort and work for you or is it just a part of your job now that you accept and are used to? I would think that after years of being subject to the regulation that most people would be used to it by now.
I know when the act was first passed there was concern that our IT department would be understaffed for the documentation that was required. However we were an ISO 9001 certified organization, and we quickly realized that much of our work to maintain our ISO status could be re-used for SOX compliance as well.
The biggest hurdle we faced was in implementing better separation for development and production groups to ensure that systems were accessed by the appropriate individuals. It seemed to me that this was a change for the better at my company, providing better security for us.