- Sarbanes-Oxley


The Sarbanes-Oxley Act of 2002 requires that public companies implement IT controls to assure the accuracy of company financial records.

These controls must include IT processes that provide for the security of data, central management of user accounts and the ability to audit and report on both internal and external file transfers.

Sarbanes-Oxley does not, however, define the specifics as to how these controls must be implemented. Therefore, many companies and Sarbanes-Oxley auditors have adopted a standard called COBIT for documenting, defining and evaluating internal IT controls. is a platform independent, external repository for computer data that can be accessed over cryptographically secure channels, including sftp, scp, rsync, secure WebDAV (over SSL). The resulting remote data store can be encrypted using any number of open encryption standards, such as PGP/GPG, Truecrypt, etc.

When used properly, an offsite filesystem may satisfy some or all of the COBIT controls and may assist you in meeting your requirements under the Sarbanes-Oxley act.


COBIT Control Objectives and


COBIT Description Solution
DS1.5 Monitoring and Reporting rsync, sftp and scp clients can be configured to send email reports as well as produce time-variable data for graphing and analysis.
DS5.1 Remote Management remote filesystems, and the tools one uses to access them, can be managed remotely over secure channels.
DS5.3 Identity Management remote filesystems can use multiple authentication models including username/password pairs and standard, OpenSSH PKI mechanisms.
DS5.4 User Account Management allows complete flexibility in managing users and groups as well as unlimited technical support for user and group management.
DS5.5 Abnormal Activity Detection allows the remote analysis of the remote filesystem as well as custom analysis of file and directories that can enable sophisticated intrusion detection and abnormal activity detection models.
DS5.7 Protection of Security Technology Secure FTP Server encrypts any sensitive information that may be found in server configuration files.
DS5.8 Cryptographic Key Management supports open standards for the management of OpenSSH, Putty and other public/private key-pairs for use with OpenSSH. In addition, resources such as the CA Root Certificate and PGP public keys are available to our customers. Customers have a wide variety of standards-based Windows, Mac and Unix tools for the management of these standard keys.
DS5.10 Network Security remote filesystems are accessible via the SSH protocol and the WebDAV protocol over Secure Sockets Layer (SSL).
DS5.11 Exchange of Sensitive Data The data stored on filesystems may be encrypted in any manner the owner sees fit, using any number of encryption utilities such as PGP/GPG and Truecrypt.
DS11.5 Backup and Restoration remote filesystems may serve as a repository for backup data/files that can later be restored to an arbitrary location.
DS11.6 Data Security The data stored on filesystems may be encrypted in any manner the owner sees fit, using any number of encryption utilities such as PGP/GPG and Truecrypt.
DS13.2 Job Scheduling filesystems may be written to and read from, on a schedule using the built-in tools of your OS (the Unix crontab, the Windows Scheduled task, the OSX crontab, etc.) or using any other scheduling or automation tool you choose.


More Information publishes a wide array of support documents as well as a FAQ

You, or your CEO, may find our CEO Page useful.

Please see our HIPAA and Sarbanes-Oxley compliance statements.

Contact for more information, and answers to your questions.




Click here for Simple Pricing - Or call 619-819-9156 or email for more information.