Welcome to the ninth issue of ISO 17799 News, designed to keep you abreast of developments and news with respect to ISO17799 and information security.
The newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Included in this edition are the following topics:
ISO17799 SECTION 12: SARBANES-OXLEY ACT
The Sarbanes-Oxley Act was signed into law in the United States on July 30th 2002, and introduced highly significant regulatory changes to financial practice and corporate governance. It introduced stringent new rules with the stated objective: "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws".
Because this act is internationally significant as well, each future edition of ISO 17799 News will feature an area of the Sarbanes-Oxley Act that focuses on a particular topic of interest. This issue covers Investigations and Disciplinary Proceedings.
The Executive Management and Board of Directors are required to establish procedures for the investigation and disciplining of registered public accounting firms, or any person associated with that firm, where they may be considered to have been in violation of the Act. The Board may:
- Request sight of all relevant audit work papers and associated documentation
- Request written testimony from any clients of the registered firm that may have been involved in matters under investigation, including the issuing of subpoenas
- Request a written explanation from the registered firm on the matters being investigated
In the event of non-cooperation with the inspection, the Board may carry out sanctions, including suspension or revocation of registration.
The Board is required to notify the Commission of impending investigations in order that the Commission's division of enforcement may be involved as appropriate.
The Board is to take care that all relevant information and documents are kept appropriately confidential in case such evidence is required in a state or federal court as part of criminal or civil legal due process. Such information may be made available to various government agencies provided these bodies maintain such information as confidential and privileged.
Employees of the Board involved in investigations are immune from any civil liability to the same extent as federal government employees.
This section also contains detailed information on the disciplinary process and the civil penalties that may be imposed, including suspension of a public accounting firm and barring association during this suspension with organizations regulated by the SEC. The Board is required to inform the Commission and any appropriate regulatory bodies and the public (after any stay has been lifted) on the application of sanctions.
More information on the SOA can be found at: http://www.sarbanes-oxley-forum.com