The Sarbanes-Oxley Act of 2002 requires that public companies implement IT controls to assure the accuracy of company financial records.
These controls must include IT processes that provide for the security of data, central management of user accounts and the ability to audit and report on both internal and external file transfers.
Sarbanes-Oxley does not, however, define the specifics as to how these controls must be implemented. Therefore, many companies and Sarbanes-Oxley auditors have adopted a standard called COBIT for documenting, defining and evaluating internal IT controls.
rsync.net is a platform independent, external repository for computer data that can be accessed over cryptographically secure channels, including sftp, scp, rsync, secure WebDAV (over SSL). The resulting remote data store can be encrypted using any number of open encryption standards, such as PGP/GPG, Truecrypt, etc.
When used properly, an rsync.net offsite filesystem may satisfy some or all of the COBIT controls and may assist you in meeting your requirements under the Sarbanes-Oxley act.
COBIT Control Objectives and rsync.net
|DS1.5||Monitoring and Reporting||rsync, sftp and scp clients can be configured to send email reports as well as produce time-variable data for graphing and analysis.
|DS5.1||Remote Management||rsync.net remote filesystems, and the tools one uses to access them, can be managed remotely over secure channels.|
|DS5.3||Identity Management||rsync.net remote filesystems can use multiple authentication models including username/password pairs and standard, OpenSSH PKI mechanisms.|
|DS5.4||User Account Management||rsync.net allows complete flexibility in managing users and groups as well as unlimited technical support for user and group management.|
|DS5.5||Abnormal Activity Detection||rsync.net allows the remote analysis of the remote filesystem as well as custom analysis of file and directories that can enable sophisticated intrusion detection and abnormal activity detection models.|
|DS5.7||Protection of Security Technology||rsync.net Secure FTP Server encrypts any sensitive information that may be found in server configuration files.|
|DS5.8||Cryptographic Key Management||rsync.net supports open standards for the management of OpenSSH, Putty and other public/private key-pairs for use with OpenSSH. In addition, resources such as the rsync.net CA Root Certificate and PGP public keys are available to our customers. Customers have a wide variety of standards-based Windows, Mac and Unix tools for the management of these standard keys.|
|DS5.10||Network Security||rsync.net remote filesystems are accessible via the SSH protocol and the WebDAV protocol over Secure Sockets Layer (SSL).|
|DS5.11||Exchange of Sensitive Data||The data stored on rsync.net filesystems may be encrypted in any manner the owner sees fit, using any number of encryption utilities such as PGP/GPG and Truecrypt.|
|DS11.5||Backup and Restoration||rsync.net remote filesystems may serve as a repository for backup data/files that can later be restored to an arbitrary location.|
|DS11.6||Data Security||The data stored on rsync.net filesystems may be encrypted in any manner the owner sees fit, using any number of encryption utilities such as PGP/GPG and Truecrypt.|
|DS13.2||Job Scheduling||rsync.net filesystems may be written to and read from, on a schedule using the built-in tools of your OS (the Unix crontab, the Windows Scheduled task, the OSX crontab, etc.) or using any other scheduling or automation tool you choose.|
You, or your CEO, may find our CEO Page useful.
Contact firstname.lastname@example.org for more information, and answers to your questions.