This article provides an overview of the SOX 404 control Manage Data.

The typical SOX IT controls for Manage Data are as follows.

Back-ups
Description: A documented policy exists for the system back-up of production data.

Control Objective: Back-up and recovery procedures are designed to minimise the impact of a system failure.

Typical Evidence:

  1. There is a documented process in place for system back-up.
  2. The process documents the scope of the back-ups.
  3. The process documents the back-up medium.
  4. The process documents the back-up frequency.
  5. The process documents the storage location of the back-ups and their encryption.

Recovery
Description: A documented policy or procedure exists for periodically testing the operational recovery of data from back-ups.

Control Objective: Back-up and recovery procedures are designed to minimise the impact of a system failure.

Typical Evidence:

  1. There is a documented process in place for back-up restoration.
  2. The process documents the recovery steps.
  3. The process documents the recovery validation steps.
  4. The process documents the restoration responsibilities.

Back-up failures
Description: A procedure exists for alerting support staff of back-up failures.

Control Objective: Back-up systems are properly maintained to ensure successful restoration.

Typical Evidence:

  1. There is a documented process in place for monitoring back-ups.
  2. The process includes back-up status monitoring.
  3. The process documents the steps taken in the event of an unsuccessful back-up.

For more information please contact Morland-Austin at info@morland-austin.com.