SarbanesOxleyFocus.com

December 19, 2008

Sample SOX Policy Statements

Filed under: policy, sarbanes oxley, template — admin @ 3:34 am

Below are sample SOX policy statements:

The design, implementation, and operation of all information technology systems and the business processes they support shall be done in a manner that respects the maintenance of privacy of personally identifying information, personal medical information, and personal financial information for customers and employees alike.

Employee measures: Adequate controls will be implemented across all systems to ensure that only employees and designated human resources office staff are permitted access to employee personal privacy information. Only the HR director may grant managers access to employee privacy information upon authorization. Systems design will not permit access by system administrators; encryption in storage and passwords will be required for employee and HR access.

Customer measures: Adequate controls will be implemented across all systems to ensure that only customers and their designated sales representative are permitted access to customer personal privacy information and nonaggregated purchasing records. Systems design will not permit access by system administrators; encryption in storage and passwords will be required for customer and sales representative access.

Sales representatives' access will be limited by directory entries to only their current and 90-day former customers. All customer Web transactions will require encryption and two-factor authentication to protect the data in transit.
