Sarbanes-Oxley (SOX) Act

SOX compliance is the practice of meeting the financial reporting, internal control, information security and auditing requirements of the Sarbanes-Oxley (SOX) Act of 2002, a US federal law enacted to prevent corporate accounting fraud and to protect investors.

Attention: Nothing in this product or its documentation is considered legal guidance or direction. IBM does not provide legal advice. IBM recommends that customers and clients consult with the appropriate legal counsel as necessary.

To be SOX compliant, companies whose securities are publicly traded in the US (SEC registrants) must:
  • Establish and maintain internal controls over financial reporting (ICFR), including controls that protect financial data, and the systems that process it, from unauthorized change.
  • File regular reports with the Securities and Exchange Commission (SEC) in which senior management certifies the accuracy of the financial disclosures and assesses the effectiveness of those internal controls.
  • Obtain an annual independent audit of their financial statements and, for larger filers, an external auditor's attestation on the effectiveness of their internal controls over financial reporting.

The SOX Act also sets rules for the accounting firms that audit public companies and the analysts who publish research on securities. The act imposes significant fines and criminal sentences for fraudulent financial activities and certain forms of noncompliance.

While SOX is a financial regulation, stakeholders throughout the organization are involved in achieving compliance. Because financial reports are produced by IT systems, the general IT controls around those systems (access management, change management, logging and monitoring, backup and recovery) fall within the scope of a SOX audit. IT departments and cybersecurity teams have therefore become particularly important as organizations increasingly rely on technology solutions to protect financial information in complex enterprise networks.

For more information, see https://sarbanes-oxley-act.com/.