Sarbanes-Oxley Compliance Statement
Last Updated on Wednesday, 14 October 2009 10:17 Written by Administrator Monday, 30 March 2009 11:59
SyncHaven.net Sarbanes-Oxley Compliance Statement
The Sarbanes-Oxley Act of 2002 requires that public companies implement IT controls to assure the accuracy of company financial records.
These controls must include IT processes that provide for the security of data, central management of user accounts and the ability to audit and report on both internal and external file transfers.
Sarbanes-Oxley does not, however, define the specifics as to how these controls must be implemented. Therefore, many companies and Sarbanes-Oxley auditors have adopted a standard called COBIT for documenting, defining and evaluating internal IT controls.
Our offsite filesystem is a platform independent, external repository for computer data that can be accessed over cryptographically secure channels, including sftp, scp, rsync, secure WebDAV (over SSL). The resulting remote data store can be encrypted using any number of open encryption standards, such as PGP/GPG, Truecrypt, etc.
When used properly, our offsite filesystem may satisfy some or all of the COBIT controls and may assist you in meeting your requirements under the Sarbanes-Oxley act.
COBIT Control Objectives and SyncHaven.net Offsite filesystem
| COBIT | Description | Solution |
| DS1.5 | Monitoring and Reporting | rsync, sftp and scp clients can be configured to send email reports as well as produce time-variable data for graphing and analysis. |
| DS5.1 | Remote Management | offsite remote filesystems, and the tools one uses to access them, can be managed remotely over secure channels. |
| DS5.3 | Identity Management | offsite remote filesystems can use multiple authentication models including username/password pairs and standard, OpenSSH PKI mechanisms. |
| DS5.4 | User Account Management | our offsite filesystems allows complete flexibility in managing users and groups as well as unlimited technical support for user and group management. |
| DS5.5 | Abnormal Activity Detection | offsite filesystems allows the remote analysis of the remote filesystem as well as custom analysis of file and directories that can enable sophisticated intrusion detection and abnormal activity detection models. |
| DS5.7 | Protection of Security Technology | our offsite filesystems Secure FTP Server encrypts any sensitive information that may be found in server configuration files. |
| DS5.8 | Cryptographic Key Management | Our offsite filesystems supports open standards for the management of OpenSSH, Putty and other public/private key-pairs for use with OpenSSH. In addition, resources such as our CA Root Certificate and PGP public keys are available to our customers. Customers have a wide variety of standards-based Windows, Mac and Unix tools for the management of these standard keys. |
| DS5.10 | Network Security | our remote filesystems are accessible via the SSH protocol and the WebDAV protocol over Secure Sockets Layer (SSL). |
| DS5.11 | Exchange of Sensitive Data | The data stored on our filesystems may be encrypted in any manner the owner sees fit, using any number of encryption utilities such as PGP/GPG and Truecrypt. |
| DS11.5 | Backup and Restoration | our remote filesystems may serve as a repository for backup data/files that can later be restored to an arbitrary location. |
| DS11.6 | Data Security | The data stored on our filesystems may be encrypted in any manner the owner sees fit, using any number of encryption utilities such as PGP/GPG and Truecrypt. |
| DS13.2 | Job Scheduling | our filesystems may be written to and read from, on a schedule using the built-in tools of your OS (the Unix crontab, the Windows Scheduled task, the OSX crontab, etc.) or using any other scheduling or automation tool you choose. |
RsyncNavigator - Unix / Linux
RsyncNavigatorTM is a utility to implement and manage 'rsync' operations for local server-to-server or integrate seamlessly with our Offsite Filesystem for offsite data synchronization.This lightweight utility will take the guesswork out of setting up secure data synchronization between servers utilizing 'rsync'.
Features include:
- Synchronize data from the local server to the remote server
- Synchronize data from the remote server back to the local server
- Support for multiple server profiles
- SSH Setup – Easily setup SSH keys between servers
- Job Scheduler – Schedule jobs for automated synchronization
- Logs – Log file stores history of unattended jobs
Offsite Data Storage
Synchronize your critical data to a remote server for safe, secure offsite data storage.
– Synchronization for Windows - Mac - Unix / Linux
– Encrypted, snapshots, IPV6, sshFS
– rsync, ftp/sftp/scp, rdiff-backup, WebDAV...
– Subversion/MySQL/Postgres/Exchange/SQL
♦ Unlimited bandwidth
♦ No setup fees
♦ No lock-in contracts
Standard Offsite Filesystem
Full featured account, data stored in one location: $1.75 per GB/mo
Geo-Redundant Offsite Filesystem
Data is automatically replicated to a second, redundant location: $2.85 per GB/mo
Unique Features
Offsite Filesystem
- Geographic Redundancy
- Premium Connectivity
- Automate with SSH keys
- Run remote commands
- HIPAA/SOX Compliant