Sarbanes-Oxley (SOX) Compliance
For Google Docs
SOX Compliance in Google Apps and CloudLock
CloudLock for Google Apps can be used as an effective tool to facilitate SOX compliance with Google Docs. It
provides a comprehensive system to meet the requirements of SOX sections 302 and 404 for documents stored in
Google Docs.
Section 302 -
Disclosure Controls
!
Report on access controls and
asses risk. To comply with
SOX, management must have
a clear understanding of who
owns and who is authorized to
access financial documents.
!
CloudLock provides a complete access management
system with reporting on user access rights for each
document in the domain. This is supported by automatic
discovery of all the documents and users in the domain and
classification of documents by access and exposure levels.
CloudLock supports review and approval processes to
make sure only authorized users can access sensitive
financial documents.
!
Section 302 -
Disclosure Controls
Audit and report on all access
rights and changes in access
permissions to regulated data
stored in Google docs. SOX
requires organizations to
provide ongoing evidence that
they are compliant.
CloudLock provides ongoing monitoring of all the
documents in the domain. A daily change report for each
document details changes in ownership, collaborators and
permissions.
Section 404 -
Assessment of
Internal Controls
Implement access controls to
limit user rights based on a
need-to-know basis. Identify
users with excessive rights to
protect financial data from
unauthorized activities.
CloudLock provides IT with the visibility and control to all
the documents in the Google Apps domain without the need
to be shared on these documents. IT can easily secure
access rights to financial documents according to company
policy, and can transfer document ownership in bulk without
manually logging into accounts.
Section 404 -
Assessment of
Internal Controls
All activities should be
reported for auditing and to
support forensic investigation.
A complete change report is available for every document.
Alerts and email notifications are generated for permission
changes and new exposures. All admin activities and
changes are reported in a tamper-proof audit trail.
Section 404 -
Assessment of
Internal Controls
Separation of duties and
enable for auditor
independence.
Sox auditors can be delegated access to CloudLock to
review the access rights to all financial documents. This is
done without making them domain administrators or
collaborators on these documents.
Section 404 -
Assessment of
Internal Controls
Organizations must be able to
prove that they have accurate
and reliable compliance
behavior at all times.
CloudLock Vault is a secure, authenticated & tamper-proof
digital data vault built on top of Google Docs. Once
documents are stored in the vault, they cannot be deleted
or modified.