Skip to main content


Showing posts from May, 2021

Information Security: SOX, SOC2, ISO 27001, PCI-DSS, OMG!

Introduction Let’s talk about certifications, standards, controls, control frameworks, etc. Let’s start with standards. SOX Per Wikipedia : The Sarbanes–Oxley Act of 2002...more commonly called Sarbanes–Oxley or SOX, is a United States federal law that set new or expanded requirements for all U.S. public company boards, management and public accounting firms. A number of provisions of the Act also apply to privately held companies, such as the willful destruction of evidence to impede a federal investigation. The bill...was enacted as a reaction to a number of major corporate and accounting scandals, including Enron and WorldCom. The sections of the bill cover responsibilities of a public corporation's board of directors, add criminal penalties for certain misconduct, and require the Securities and Exchange Commission to create regulations to define how public corporations are to comply with the law. In a nutshell (and bearing in mind that I am not an expert), SO