SyncHaven.net Sarbanes-Oxley Compliance Statement
The Sarbanes-Oxley Act of 2002 requires that public companies implement IT controls to assure the accuracy of company financial records.
These controls must include IT processes that provide for the security of data, central management of user accounts and the ability to audit and report on both internal and external file transfers.
Sarbanes-Oxley does not, however, define the specifics as to how these controls must be implemented. Therefore, many companies and Sarbanes-Oxley auditors have adopted a standard called COBIT for documenting, defining and evaluating internal IT controls.
Our offsite filesystem is a platform-independent, external repository for computer data that can be accessed over cryptographically secure channels, including sftp, scp, rsync and secure WebDAV (over SSL). The resulting remote data store can be encrypted using any number of open encryption standards, such as PGP/GPG, TrueCrypt, etc.
When used properly, our offsite filesystem may satisfy some or all of the COBIT controls and may assist you in meeting your requirements under the Sarbanes-Oxley Act.
COBIT Control Objectives and SyncHaven.net Offsite Filesystem
|DS1.5||Monitoring and Reporting||rsync, sftp and scp clients can be configured to send email reports as well as produce time-variable data for graphing and analysis.|
|DS5.1||Remote Management||Offsite remote filesystems, and the tools one uses to access them, can be managed remotely over secure channels.|
|DS5.3||Identity Management||Offsite remote filesystems can use multiple authentication models, including username/password pairs and standard OpenSSH PKI mechanisms.|
|DS5.4||User Account Management||Our offsite filesystems allow complete flexibility in managing users and groups, with unlimited technical support for user and group management.|
|DS5.5||Abnormal Activity Detection||Offsite filesystems allow remote analysis of the remote filesystem as well as custom analysis of files and directories, which can enable sophisticated intrusion detection and abnormal activity detection models.|
|DS5.7||Protection of Security Technology||Our offsite filesystem's Secure FTP Server encrypts any sensitive information that may be found in server configuration files.|
|DS5.8||Cryptographic Key Management||Our offsite filesystems support open standards for the management of OpenSSH, PuTTY and other public/private key pairs for use with OpenSSH. In addition, resources such as our CA Root Certificate and PGP public keys are available to our customers. Customers have a wide variety of standards-based Windows, Mac and Unix tools for the management of these standard keys.|
|DS5.10||Network Security||Our remote filesystems are accessible via the SSH protocol and the WebDAV protocol over Secure Sockets Layer (SSL).|
|DS5.11||Exchange of Sensitive Data||The data stored on our filesystems may be encrypted in any manner the owner sees fit, using any number of encryption utilities such as PGP/GPG and TrueCrypt.|
|DS11.5||Backup and Restoration||Our remote filesystems may serve as a repository for backup data/files that can later be restored to an arbitrary location.|
|DS11.6||Data Security||The data stored on our filesystems may be encrypted in any manner the owner sees fit, using any number of encryption utilities such as PGP/GPG and TrueCrypt.|
|DS13.2||Job Scheduling||Our filesystems may be written to and read from on a schedule, using the built-in tools of your OS (the Unix crontab, the Windows Scheduled Task, the OS X crontab, etc.) or any other scheduling or automation tool you choose.|