About Sarbanes-Oxley (SOX) Compliance
The Sarbanes-Oxley Act (SOX) is intended to protect investors by improving the accuracy and reliability of corporate disclosures. SOX sets enhanced standards for all U.S. public company boards, management, and public accounting firms. It includes regulations for financial practices and corporate governance.
Your Certified Platform for SOX Compliance
For many organizations, ensuring SOX compliance can consume a great deal of time and effort. Concerto Cloud Services platforms provide the data security and access controls needed for organizations to achieve strategic, proactive compliance.
Concerto Cloud Services is certified for SOX-compliant platforms and offers managed services that take the work out of achieving SOX compliance. Our approach includes pre-developed security standards and a number of processes to help ensure that financial and proprietary information in our environments remains private and user access is properly authenticated.
Our powerful, state-of-the-art security features include around-the-clock monitoring and management, and can satisfy SOX requirements for your infrastructure and cloud environment. However, there are times when an organization needs to implement a specific setting for additional regulatory compliance or to meet a unique requirement.
Our chart below can help you understand security options from Concerto Cloud Services.
Concerto Cloud Services Security Overview
Enhanced Security Package*
- Centralized and automated anti-malware and OS patching
- Identity Management
- True network segmentation and isolation from ingress to egress
- Data in-motion encryption by default
- Multiple firewall segments operating at layers 1-7 of the OSI stack
- State-of-the-art IDPS solution monitored and managed 24x7 by a dedicated security operations center
- Reverse Proxy services
- “Other” proprietary security mechanisms and practices
- Intelligent, multi-point syslog solution
- SIEM (Security Information and Event Management) Encryption
- Syslog (Logging)
- Two-factor authentication
- Encryption (Required for many regulatory requirements such as FIPS 140-2, HIPAA, and more)
- One Vulnerability and Penetration Test per year, with a report to the customer of the findings
*Any Enhanced Security Package item can be added individually.
- Additional vulnerability or penetration tests
- Additional storage for retention of logging files
- Any Enhanced Security Package item