Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary Β» SOX Β» Sarbanes-Oxley Act

Sarbanes-Oxley Act

After the enactment of several large-scale accounting frauds, the Sarbanes Oxley Act (SOX), passed in 2002 with influential backing from both Congressional parties, was intended to enhance the practice of auditing and public reporting. 

Drafted in honor of Senator Paul Sarbanes and Representative Michael Oxley, SOX reduces investor risk by promoting the credibility of companies’ financial statements.

This is because ISACA’s mission aligns with this goal. ISACA aims to empower IT governance, risk management, and cybersecurity professionals.

Some of the key sections include:

  • Section 302: They point out that the CEOS and CFOs of public companies must make certifications to ensure that the financial reports are accurate and contain no omissions and that the company has adequate internal controls.
  • Section 404: Also known as the heart of SOX, this section requires that companies develop documented internal controls and annual reports on these controls.
  • Section 806: Guard the whistleblowers and make sure employees can report fraud cases without expectation of being punished.
  • Section 802: This section stems from the β€˜audit trail’. It prescribes criminal sanctions to anyone who deletes or amends some of these records, and companies are expected to retain them for seven years.

Section 409: Business organizations are expected to provide the public with updated information when there is an alteration in the companies’ financial structural and operational patterns.

Additional reading

Risk Management Automation: A Comprehensive Guide

Running a business involves risksβ€”circumstances or incidents that could jeopardize your company’s capacity to continue operations. The ability to spot early signs of risk and mitigate them is essential for an organization to survive. Loss in resources and reputation can result from even the smallest elements being overlooked. Uncertain situations can probably be managed most…

Top 10 Policy Management Software by Use Case (2026)

TL;DR Policy management software creates structured governance: It centralizes drafting, approvals, distribution, attestations, and audit trails so policies aren’t scattered across drives and email threads. There are different categories of tools: From basic document repositories to dedicated lifecycle platforms, compliance automation tools, and full GRC systems that connect policies to risks and controls. The best…

What Is an Access Review?

November 12, 2021. A former South Georgia Medical Center employee made an unauthorized copy of a patient’s private data before leaving the company. The center had to provide patients with free credit monitoring and identity restoration to compensate for the disgruntled ex-employee’s actions. While this is the case of a malicious insider, there are other…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales