Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary Β» SOX Β» Sarbanes-Oxley Act

Sarbanes-Oxley Act

After the enactment of several large-scale accounting frauds, the Sarbanes Oxley Act (SOX), passed in 2002 with influential backing from both Congressional parties, was intended to enhance the practice of auditing and public reporting. 

Drafted in honor of Senator Paul Sarbanes and Representative Michael Oxley, SOX reduces investor risk by promoting the credibility of companies’ financial statements.

This is because ISACA’s mission aligns with this goal. ISACA aims to empower IT governance, risk management, and cybersecurity professionals.

Some of the key sections include:

  • Section 302: They point out that the CEOS and CFOs of public companies must make certifications to ensure that the financial reports are accurate and contain no omissions and that the company has adequate internal controls.
  • Section 404: Also known as the heart of SOX, this section requires that companies develop documented internal controls and annual reports on these controls.
  • Section 806: Guard the whistleblowers and make sure employees can report fraud cases without expectation of being punished.
  • Section 802: This section stems from the β€˜audit trail’. It prescribes criminal sanctions to anyone who deletes or amends some of these records, and companies are expected to retain them for seven years.

Section 409: Business organizations are expected to provide the public with updated information when there is an alteration in the companies’ financial structural and operational patterns.

Additional reading

ISO 42001 vs ISO 27001: Key Differences & Use Cases

ISO 27001 sets the standard for protecting sensitive data, locking down systems, and proving you’ve done the work, all under a framework called ISMS. ISO 42001 is newer and covers aspects that an ISMS can’t: the behavior and accountability of AI systems.  For example, businesses building or using AI, especially in sensitive environments, will likely…

14 Must-Attend Cybersecurity Summits in 2025

Cloud and AI technologies are no longer just future possibilitiesβ€”they’re pivotal elements of today’s security landscape, bringing with them new threats and stringent regulations that will reshape cybersecurity and GRC strategies in 2025.  As the landscape of cybersecurity and governance rapidly transforms, presenting both unprecedented challenges and opportunities, there’s a critical opportunity for professionals to…

Understanding FedRAMP Controls: An Up-to-date Guide (2025)

Let’s say your cloud platform is preparing for FedRAMP. You’ve likely heard terms like NIST controls, SSPs, and security audits in early planning calls. But what do these controls actually include? How many are relevant to your system? And how do they connect to the larger compliance process? These questions come up early and oftenβ€”and…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales