What is SOX?

SOX, or the Sarbanes-Oxley Act of 2002, imposes joint responsibility on auditors and management for the detection of fraud and external threats. It is designed to help protect investors and bolster trustworthiness of corporate financial statements by requiring stringent record keeping, audits and controls, as well as outlining requirements for IT regarding electronic records.


increase in the number of hours required for SOX compliance 1


of organizations use tools like automated controls testing 2

Who must comply with SOX?

  • All publicly-traded companies in the United States, including all wholly-owned subsidiaries
  • All publicly-traded non-U.S. companies doing in business in the United States
  • Any private company that is preparing for their initial public offering (IPO)

What are the key SOX areas identity governance addresses?

This law requires public companies to strengthen audit committees, perform internal controls tests, include internal controls reporting with all financial reports and provide audit trails of all access and activity to sensitive business information.

Internal controls

  • Process
  • Policies
  • Activities

Compliance and reporting

  • Transparency
  • Accuracy


  • Accountability
  • Responsibility
  • Avoidance of conflict of interest

What if your organization doesn’t comply?

Penalties for failure to comply with SOX affect corporations and their corporate officers personally. Companies can be subject to lawsuits, fines, negative publicity and can even be subject to delisting. A corporate officer who does not comply or submits an inaccurate certification is subject to a fine up to $1 million and 10 years in prison, even if done mistakenly. If a wrong certification was submitted purposely, the fine can be up to $5 million and 20 years in prison.

Get compliant and stay compliant


Getting compliant with identity governance for files


How identity governance helps ensure SOX compliance

Identity governance gives you the ability to quickly and easily demonstrate SOX compliance to auditors in the following ways:

Control all access
Implement, enforce and monitor access controls and processes to adhere to SOX requirements by ensuring only the right users have access to the right data, adjusting access as users change roles and automatically terminating access upon departure.

Reduce risk of fraud or compliance violations
Enforce separation-of-duty controls to detect and prevent access -related conflicts of interest and information theft across all critical systems and applications.

Identify compliance gaps
Perform automated routine compliance checks to certify that user access is compliant and help uncover compliance gaps to ensure each user only has the access they need to do their job.

Always be audit-ready
Quickly generate a complete audit trail and ad-hoc reports to prove SOX compliance and reduce the disruption an audit can have on your organization.

Automate and optimize compliance
Improve overall performance, reduce cycle times and increase organization visibility with automated, streamlined compliance controls.

How does our open cloud identity governance platform help your business?

We make it possible for you to see and control access to all apps and data for all users, including non-human ones like bots.