
Sarbanes-Oxley

The Sarbanes-Oxley Act of 2002 (SOA) applies to all organizations that are publicly traded in the United States. Compliance was required for larger public companies by June 15, 2004, and for smaller companies by April 15, 2005.

The Control Objectives for Information and related Technology (COBIT) framework published by the IT Governance Institute provides details to support the required IT controls assessment and design activities to meet SOA requirements.

One of the key COBIT activities is to “Ensure Systems Security”. The following highlights of the COBIT control objectives illustrate the role Diplomat Transaction Manager can have in meeting SOA compliance.

Security Control Objectives | Diplomat Features

Incident Handling: Incident management responsibilities and procedures should be established to ensure an appropriate, effective, and timely response to security incidents. | In the event of a security breach, Diplomat Enterprise Edition can suspend all jobs, jobs with a specific partner, or jobs that use a particular key until the issue is resolved.

Counterparty Trust: Verify the authenticity of the counterparty providing electronic transactions. This can be implemented through trusted exchange of passwords, tokens, or cryptographic keys. | All Diplomat products allow both signing and verification of electronic transactions, confirming the identity of the sender and that the contents of the files have not been altered during transmission.

Transaction Authorization: Authenticate transactions and establish the validity of a user's claimed identity to the system. This requires the use of cryptographic techniques for signing and verifying transactions. | All Diplomat products allow both signing and verification of electronic transactions, confirming the identity of the sender and that the contents of the files have not been altered during transmission.

Non-Repudiation: Ensure transactions cannot be denied by either party, and that controls are implemented to provide non-repudiation of origin or receipt, proof of submission, and receipt of transactions. | The audit trail in Diplomat Standard Edition and Enterprise Edition provides a clear, time-stamped record of all transactions. And, since FTP is used for transmission -- rather than email -- a successful transmission cannot be repudiated.

Trusted Path: Ensure sensitive transaction data is only exchanged over a trusted path, using encryption between users, between users and systems, and between systems. | All Diplomat products allow all files to be encrypted and/or signed before transmission.

Related Topics

For more information on the role of IT in corporate governance, go to the IT Governance Institute (ITGI), the source of the COBIT framework.


"As with many recent initiatives, such as HIPAA and the Sarbanes-Oxley Act, internal and external mandates are calling for every process to be documented, auditable, and accountable..."

   -- L. Frank Kenney, Gartner Group