Sarbanes-Oxley (SOX) was signed into law back in 2002. SOX is aimed at giving investors confidence in the financial data provided by the company. The key part of the SOX act is in Section 404. Section 404, titled “Management Assessment of Internal Controls” requires management to take responsibility for the integrity of their financial information. To accomplish this, IT processes, procedures, and systems must be evaluated to provide evidence that the company has kept sensitive data secured. While IT is not specifically addressed in the legislation, it is implied. Read more here…