SlideShare a Scribd company logo

HR role in SOX compliance - Digital assets

Strategic Business & IT Services
Strategic Business & IT Services

How HR can protect against financial and litigation risks when considering HR digital content

TechnologyBusiness
1 of 2
Download to read offline
HR Digital Content & Sox compliance SOX The Sarbanes–Oxley Act of 2002 was put in place by the US government to protect investors in public companies following a series of corporate and accounting scandals perpetrated in the late 90’s and early 00’s which included Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets. Much has been written about these scandals and also SOX and what is now required of Public Companies and their stakeholders to secure societies confidence in the Markets and keep corporate officers and employees out of jail. This piece concerns itself with a specific set of challenges relating to HR Digital Content used in a public company or for that matter any company, and the role of HR in ensuring best practice for digital content relating to the management of the primary asset of the company “It’s staff” Section 404, 301,806 & Digital Content Section 404 of the Act “Assessment of Internal Controls” In particular section 404 is concerned with the protection of corporate assets. HR in the context of the overall goals of SOX “To protect investors in public companies” contribute to internal controls relating to people that could create significant financial risk for the organisation including employment law litigation and fraud. Employment contract clauses such as non-disclosure, non-solicit, non-compete, IPR & confidential information protection and performance standards are all critical as are the HR processes to control and manage any exposure. Training is another area of importance such as specific job skills, health & safety, and legal obligations the integrity of the training and training records are also central to avoiding potential litigation whether it be commercial, employment law or product/professional indemnity financial exposures. Add to this that rules and policies relating to procurement, expense reporting and commissions all create potential fraud opportunities then we can see HR their processes and digital content make a significant contribution to SOX compliance. Section 301 & 806: are also key sections where HR digital content is fundamental to compliance and in fact may produce important digital evidence for internal or external scrutiny. The sections refer to the “Whistle- blower” requirements which are usually managed by HR. Creating a trusted Whistle-blower process with integrity may involve digital content of many types including databases, documents, audio and video records. HR must ensure that the process is fair and transparent, it protects the rights of all parties and that there is avoidance of retaliation litigation risk. Not only that but once whistle-blower reports an incident everything in the system becomes potential evidence so as ediscovery finds this evidence the digital forensic chain must be secured. How can HR in public companies identify and prevent litigation & financial risk? 1. Identify & List the company’s HR digital assets (versions, time lines etc.) 2. Perform a Risk analysis and identify those critical digital assets 3. Identify those critical digital content types and forms that must be protected and controlled through their life cycle. 4. Ensure that whistle-blowers procedures are digital and evidential friendly 5. Put in place adequate digital evident and asset authenticity and integrity controls www.digiprove.com ©Digiprove Feb 2012
HR Digital Content & Sox compliance Identify& implement appropriate software controls as a solution to the digital content/asset protection such as Digiprove. What are the core features that a simple software solution must have?  Establish the authenticity and integrity of digital content on entry into the company’s HR digital world whether created within that world or entering externally whether it be via an electronic communications or scanned solution. (This can be achieved by creating a unique digital fingerprint of the content and meta data such as date, time, location, ownership)  Maintain full confidentiality of this HR digital content in that it does not get sent externally outside the companies own controlled digital world to be certified.  Create an audit trail for the defined HR digital content and any actions taken on that content.  Be able to verify the provenance of any HR digital content once it has been certified and verify if it has been tampered with. Digiprove products tick all the boxes: Selfprotect – a simple SaaS on-line service for content and communications Autoprotect – a simple background utility that automatically protects the identified files and folders. Completeprotect – includes digital log event certification and audit trail along with autoprotected content. (New Product) Signasure – enables and protects documents with all types of digital signatures (New Product) Brokerprove – A standalone solution for SME professional service providers Embedprotect – A software developer’s kit that enables Digiprove technology to be quickly integrated into a company’s business applications www.digiprove.com ©Digiprove Feb 2012

Recommended

The relevance of Digital content in SOX compliance
The relevance of Digital content in SOX complianceThe relevance of Digital content in SOX compliance
The relevance of Digital content in SOX complianceStrategic Business & IT Services
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Andris Soroka
 
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SMCarlos Valderrama
 
The 10 most intelligent identity & access management solution providers 2020.
The 10 most intelligent identity & access management solution providers 2020.The 10 most intelligent identity & access management solution providers 2020.
The 10 most intelligent identity & access management solution providers 2020.Merry D'souza
 
Security and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSecurity and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSysfore Technologies
 
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...Andris Soroka
 
Top 25 Cyber Security Blogs You Should Be Reading
Top 25 Cyber Security Blogs You Should Be ReadingTop 25 Cyber Security Blogs You Should Be Reading
Top 25 Cyber Security Blogs You Should Be ReadingDDoS Mitigation
 
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...PiyushHipparkar
 

Recommended

The relevance of Digital content in SOX compliance
The relevance of Digital content in SOX complianceThe relevance of Digital content in SOX compliance
The relevance of Digital content in SOX complianceStrategic Business & IT Services
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Andris Soroka
 
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SMCarlos Valderrama
 
The 10 most intelligent identity & access management solution providers 2020.
The 10 most intelligent identity & access management solution providers 2020.The 10 most intelligent identity & access management solution providers 2020.
The 10 most intelligent identity & access management solution providers 2020.Merry D'souza
 
Security and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSecurity and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSysfore Technologies
 
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...
Data Security Solutions @ Lithuania CIO Forum 2015 - Mobility will happen by ...Andris Soroka
 
Top 25 Cyber Security Blogs You Should Be Reading
Top 25 Cyber Security Blogs You Should Be ReadingTop 25 Cyber Security Blogs You Should Be Reading
Top 25 Cyber Security Blogs You Should Be ReadingDDoS Mitigation
 
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...PiyushHipparkar
 
AI+Blockchain+IoT Integration Innovation Insights from Patents
AI+Blockchain+IoT Integration Innovation Insights from PatentsAI+Blockchain+IoT Integration Innovation Insights from Patents
AI+Blockchain+IoT Integration Innovation Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
SecureMAG Vol 3
SecureMAG Vol 3SecureMAG Vol 3
SecureMAG Vol 3Chin Wan Lim
 
SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014Chin Wan Lim
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trustlmgangi
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015sarah kabirat
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Configuration File of Trojan Targets Organization
Configuration File of Trojan Targets OrganizationConfiguration File of Trojan Targets Organization
Configuration File of Trojan Targets OrganizationDigital Shadows
 
Security - A Digital Transformation Enabler
Security - A Digital Transformation EnablerSecurity - A Digital Transformation Enabler
Security - A Digital Transformation EnablerAlexander Akinjayeju. MSc, CISM, Prince2
 
Account Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionAccount Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionKalin Hitrov
 
The smartdefend Story Book
The smartdefend Story BookThe smartdefend Story Book
The smartdefend Story BookSmart Defend UK
 
Cybersecurity in ME April 25 slides
Cybersecurity in ME April 25 slidesCybersecurity in ME April 25 slides
Cybersecurity in ME April 25 slidesAmerican Chamber of Commerce in Bahrain
 
RisingStarsOfCybersecurity
RisingStarsOfCybersecurityRisingStarsOfCybersecurity
RisingStarsOfCybersecurityIndy Dh
 
___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---Screen___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---ScreenManuel Sanchez Lopez
 
Responsible for information
Responsible for informationResponsible for information
Responsible for informationDunton Environmental
 
Spotlight on Technology 2017
Spotlight on Technology 2017Spotlight on Technology 2017
Spotlight on Technology 2017Craig Devlin
 
The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017Merry D'souza
 
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)Andris Soroka
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence reportSimon Clements FIRP DipRP
 
Ethnosit.net
Ethnosit.netEthnosit.net
Ethnosit.netethnos
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 

More Related Content

What's hot

AI+Blockchain+IoT Integration Innovation Insights from Patents
AI+Blockchain+IoT Integration Innovation Insights from PatentsAI+Blockchain+IoT Integration Innovation Insights from Patents
AI+Blockchain+IoT Integration Innovation Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014Chin Wan Lim
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trustlmgangi
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015sarah kabirat
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Configuration File of Trojan Targets Organization
Configuration File of Trojan Targets OrganizationConfiguration File of Trojan Targets Organization
Configuration File of Trojan Targets OrganizationDigital Shadows
 
Account Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionAccount Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionKalin Hitrov
 
The smartdefend Story Book
The smartdefend Story BookThe smartdefend Story Book
The smartdefend Story BookSmart Defend UK
 
RisingStarsOfCybersecurity
RisingStarsOfCybersecurityRisingStarsOfCybersecurity
RisingStarsOfCybersecurityIndy Dh
 
Spotlight on Technology 2017
Spotlight on Technology 2017Spotlight on Technology 2017
Spotlight on Technology 2017Craig Devlin
 
The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017Merry D'souza
 
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)Andris Soroka
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence reportSimon Clements FIRP DipRP
 
Ethnosit.net
Ethnosit.netEthnosit.net
Ethnosit.netethnos
 

What's hot (20)

AI+Blockchain+IoT Integration Innovation Insights from Patents
AI+Blockchain+IoT Integration Innovation Insights from PatentsAI+Blockchain+IoT Integration Innovation Insights from Patents
AI+Blockchain+IoT Integration Innovation Insights from Patents
 
SecureMAG Vol 3
SecureMAG Vol 3SecureMAG Vol 3
SecureMAG Vol 3
 
SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014
 
Security Built Upon a Foundation of Trust
Security Built Upon a Foundation of TrustSecurity Built Upon a Foundation of Trust
Security Built Upon a Foundation of Trust
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
Configuration File of Trojan Targets Organization
Configuration File of Trojan Targets OrganizationConfiguration File of Trojan Targets Organization
Configuration File of Trojan Targets Organization
 
Security - A Digital Transformation Enabler
Security - A Digital Transformation EnablerSecurity - A Digital Transformation Enabler
Security - A Digital Transformation Enabler
 
Account Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full ProtectionAccount Takeover: The Best Practices for Full Protection
Account Takeover: The Best Practices for Full Protection
 
The smartdefend Story Book
The smartdefend Story BookThe smartdefend Story Book
The smartdefend Story Book
 
Cybersecurity in ME April 25 slides
Cybersecurity in ME April 25 slidesCybersecurity in ME April 25 slides
Cybersecurity in ME April 25 slides
 
RisingStarsOfCybersecurity
RisingStarsOfCybersecurityRisingStarsOfCybersecurity
RisingStarsOfCybersecurity
 
___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---Screen___2360_SP_RBR_4pp_FINAL---Screen
___2360_SP_RBR_4pp_FINAL---Screen
 
Responsible for information
Responsible for informationResponsible for information
Responsible for information
 
Spotlight on Technology 2017
Spotlight on Technology 2017Spotlight on Technology 2017
Spotlight on Technology 2017
 
The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017
 
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence report
 
Ethnosit.net
Ethnosit.netEthnosit.net
Ethnosit.net
 

Similar to HR role in SOX compliance - Digital assets

Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Identive | Press Release | Identive Group names Jason Hart Executive Vice Pre...
Identive | Press Release | Identive Group names Jason Hart Executive Vice Pre...Identive | Press Release | Identive Group names Jason Hart Executive Vice Pre...
Identive | Press Release | Identive Group names Jason Hart Executive Vice Pre...Identive
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech applicationnimbleappgenie
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk ManagementShaun Sloan
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software developmentMuhammadArif823
 
Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementseadeloitte
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
Mulin Holstein PKI-strategy
Mulin Holstein PKI-strategyMulin Holstein PKI-strategy
Mulin Holstein PKI-strategyfEngel
 
What is Identity Security.pptx
What is Identity Security.pptxWhat is Identity Security.pptx
What is Identity Security.pptxinfosec train
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standardsautomatskicorporation
 
The future of Identity Access Management | Sysfore
The future of Identity Access Management | SysforeThe future of Identity Access Management | Sysfore
The future of Identity Access Management | SysforeSysfore Technologies
 

Similar to HR role in SOX compliance - Digital assets (20)

Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)
 
Embed trust in your software & data
Embed trust in your software & dataEmbed trust in your software & data
Embed trust in your software & data
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
 
Identive | Press Release | Identive Group names Jason Hart Executive Vice Pre...
Identive | Press Release | Identive Group names Jason Hart Executive Vice Pre...Identive | Press Release | Identive Group names Jason Hart Executive Vice Pre...
Identive | Press Release | Identive Group names Jason Hart Executive Vice Pre...
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystem
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech application
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk Management
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 
Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access management
 
digital strategy and information security
digital strategy and information securitydigital strategy and information security
digital strategy and information security
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
A smarter way to manage identities
A smarter way to manage identitiesA smarter way to manage identities
A smarter way to manage identities
 
Mulin Holstein PKI-strategy
Mulin Holstein PKI-strategyMulin Holstein PKI-strategy
Mulin Holstein PKI-strategy
 
What is Identity Security.pptx
What is Identity Security.pptxWhat is Identity Security.pptx
What is Identity Security.pptx
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standards
 
The future of Identity Access Management | Sysfore
The future of Identity Access Management | SysforeThe future of Identity Access Management | Sysfore
The future of Identity Access Management | Sysfore
 

More from Strategic Business & IT Services

Unitary Developmental Theory Elaborated for all human systems
Unitary Developmental Theory Elaborated for all human systemsUnitary Developmental Theory Elaborated for all human systems
Unitary Developmental Theory Elaborated for all human systemsStrategic Business & IT Services
 
Introduction to Unitary Developmental Theory & Application
Introduction to Unitary Developmental Theory & ApplicationIntroduction to Unitary Developmental Theory & Application
Introduction to Unitary Developmental Theory & ApplicationStrategic Business & IT Services
 
Transformation, Chanhe and Improvement Newsletter July 2021
Transformation, Chanhe and Improvement Newsletter July 2021Transformation, Chanhe and Improvement Newsletter July 2021
Transformation, Chanhe and Improvement Newsletter July 2021Strategic Business & IT Services
 
What are capability maturity models & why are they Important?
What are capability maturity models & why are they Important?What are capability maturity models & why are they Important?
What are capability maturity models & why are they Important?Strategic Business & IT Services
 
The new world of work securing the crisis gains & adapting
The new world of work securing the crisis gains & adaptingThe new world of work securing the crisis gains & adapting
The new world of work securing the crisis gains & adaptingStrategic Business & IT Services
 
How digital can enable continuous innovation 2nd edition 130520
How digital can enable continuous innovation 2nd edition 130520How digital can enable continuous innovation 2nd edition 130520
How digital can enable continuous innovation 2nd edition 130520Strategic Business & IT Services
 
Achieving the best possible organisation crisis outcome (New Normal)
Achieving the best possible organisation crisis outcome (New Normal)Achieving the best possible organisation crisis outcome (New Normal)
Achieving the best possible organisation crisis outcome (New Normal)Strategic Business & IT Services
 

More from Strategic Business & IT Services (20)

Unitary Developmental Theory Elaborated for all human systems
Unitary Developmental Theory Elaborated for all human systemsUnitary Developmental Theory Elaborated for all human systems
Unitary Developmental Theory Elaborated for all human systems
 
Digital Transformation & Improvement Pocketbook
Digital Transformation & Improvement PocketbookDigital Transformation & Improvement Pocketbook
Digital Transformation & Improvement Pocketbook
 
Introduction to Unitary Developmental Theory & Application
Introduction to Unitary Developmental Theory & ApplicationIntroduction to Unitary Developmental Theory & Application
Introduction to Unitary Developmental Theory & Application
 
Overview of The Organization Maturity Index
Overview of The Organization Maturity IndexOverview of The Organization Maturity Index
Overview of The Organization Maturity Index
 
Introduction to UDT and its application 061222.pdf
Introduction to UDT and its application 061222.pdfIntroduction to UDT and its application 061222.pdf
Introduction to UDT and its application 061222.pdf
 
Transformation, Chanhe and Improvement Newsletter July 2021
Transformation, Chanhe and Improvement Newsletter July 2021Transformation, Chanhe and Improvement Newsletter July 2021
Transformation, Chanhe and Improvement Newsletter July 2021
 
Building intrinsic organisation resilience 2021
Building intrinsic organisation resilience 2021Building intrinsic organisation resilience 2021
Building intrinsic organisation resilience 2021
 
Organisation Resilience in times of disruption study 2021
Organisation Resilience in times of disruption study 2021Organisation Resilience in times of disruption study 2021
Organisation Resilience in times of disruption study 2021
 
Transformation, Change & Improvement Newsletter Q1-2021
Transformation, Change & Improvement Newsletter Q1-2021Transformation, Change & Improvement Newsletter Q1-2021
Transformation, Change & Improvement Newsletter Q1-2021
 
Situational Leadership, Organisation Maturity & Culture
Situational Leadership, Organisation Maturity & CultureSituational Leadership, Organisation Maturity & Culture
Situational Leadership, Organisation Maturity & Culture
 
What are capability maturity models & why are they Important?
What are capability maturity models & why are they Important?What are capability maturity models & why are they Important?
What are capability maturity models & why are they Important?
 
Organisation, Team & Digital Assessment process
Organisation, Team & Digital Assessment process Organisation, Team & Digital Assessment process
Organisation, Team & Digital Assessment process
 
Odti newsletter dec 2020 release
Odti newsletter dec 2020 release Odti newsletter dec 2020 release
Odti newsletter dec 2020 release
 
Organisation change readiness assessment paper
Organisation change readiness assessment paper Organisation change readiness assessment paper
Organisation change readiness assessment paper
 
ODTI newsletter oct 2020
ODTI newsletter oct 2020 ODTI newsletter oct 2020
ODTI newsletter oct 2020
 
The new world of work securing the crisis gains & adapting
The new world of work securing the crisis gains & adaptingThe new world of work securing the crisis gains & adapting
The new world of work securing the crisis gains & adapting
 
How digital can enable continuous innovation 2nd edition 130520
How digital can enable continuous innovation 2nd edition 130520How digital can enable continuous innovation 2nd edition 130520
How digital can enable continuous innovation 2nd edition 130520
 
Achieving the best possible organisation crisis outcome (New Normal)
Achieving the best possible organisation crisis outcome (New Normal)Achieving the best possible organisation crisis outcome (New Normal)
Achieving the best possible organisation crisis outcome (New Normal)
 
Organisation Culture Change Masterclass
Organisation Culture Change MasterclassOrganisation Culture Change Masterclass
Organisation Culture Change Masterclass
 
Organisation Culture Change Masterclass
Organisation Culture Change MasterclassOrganisation Culture Change Masterclass
Organisation Culture Change Masterclass
 

Recently uploaded

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 

HR role in SOX compliance - Digital assets

  • 1. HR Digital Content & Sox compliance SOX The Sarbanes–Oxley Act of 2002 was put in place by the US government to protect investors in public companies following a series of corporate and accounting scandals perpetrated in the late 90’s and early 00’s which included Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets. Much has been written about these scandals and also SOX and what is now required of Public Companies and their stakeholders to secure societies confidence in the Markets and keep corporate officers and employees out of jail. This piece concerns itself with a specific set of challenges relating to HR Digital Content used in a public company or for that matter any company, and the role of HR in ensuring best practice for digital content relating to the management of the primary asset of the company “It’s staff” Section 404, 301,806 & Digital Content Section 404 of the Act “Assessment of Internal Controls” In particular section 404 is concerned with the protection of corporate assets. HR in the context of the overall goals of SOX “To protect investors in public companies” contribute to internal controls relating to people that could create significant financial risk for the organisation including employment law litigation and fraud. Employment contract clauses such as non-disclosure, non-solicit, non-compete, IPR & confidential information protection and performance standards are all critical as are the HR processes to control and manage any exposure. Training is another area of importance such as specific job skills, health & safety, and legal obligations the integrity of the training and training records are also central to avoiding potential litigation whether it be commercial, employment law or product/professional indemnity financial exposures. Add to this that rules and policies relating to procurement, expense reporting and commissions all create potential fraud opportunities then we can see HR their processes and digital content make a significant contribution to SOX compliance. Section 301 & 806: are also key sections where HR digital content is fundamental to compliance and in fact may produce important digital evidence for internal or external scrutiny. The sections refer to the “Whistle- blower” requirements which are usually managed by HR. Creating a trusted Whistle-blower process with integrity may involve digital content of many types including databases, documents, audio and video records. HR must ensure that the process is fair and transparent, it protects the rights of all parties and that there is avoidance of retaliation litigation risk. Not only that but once whistle-blower reports an incident everything in the system becomes potential evidence so as ediscovery finds this evidence the digital forensic chain must be secured. How can HR in public companies identify and prevent litigation & financial risk? 1. Identify & List the company’s HR digital assets (versions, time lines etc.) 2. Perform a Risk analysis and identify those critical digital assets 3. Identify those critical digital content types and forms that must be protected and controlled through their life cycle. 4. Ensure that whistle-blowers procedures are digital and evidential friendly 5. Put in place adequate digital evident and asset authenticity and integrity controls www.digiprove.com ©Digiprove Feb 2012
  • 2. HR Digital Content & Sox compliance Identify& implement appropriate software controls as a solution to the digital content/asset protection such as Digiprove. What are the core features that a simple software solution must have?  Establish the authenticity and integrity of digital content on entry into the company’s HR digital world whether created within that world or entering externally whether it be via an electronic communications or scanned solution. (This can be achieved by creating a unique digital fingerprint of the content and meta data such as date, time, location, ownership)  Maintain full confidentiality of this HR digital content in that it does not get sent externally outside the companies own controlled digital world to be certified.  Create an audit trail for the defined HR digital content and any actions taken on that content.  Be able to verify the provenance of any HR digital content once it has been certified and verify if it has been tampered with. Digiprove products tick all the boxes: Selfprotect – a simple SaaS on-line service for content and communications Autoprotect – a simple background utility that automatically protects the identified files and folders. Completeprotect – includes digital log event certification and audit trail along with autoprotected content. (New Product) Signasure – enables and protects documents with all types of digital signatures (New Product) Brokerprove – A standalone solution for SME professional service providers Embedprotect – A software developer’s kit that enables Digiprove technology to be quickly integrated into a company’s business applications www.digiprove.com ©Digiprove Feb 2012