The Sarbanes-Oxley Act (SOX) is a set of regulations that protects investors from fraudulent financial reporting by obligating companies to maintain strong accounting and finance controls. The regulations apply to publicly traded companies, their subsidiaries, and non-US companies that operate in the US. All of these entities are required to:
- Perform risk assessments
- Identify disclosure controls and policies, and avoid selective disclosure
- Implement, monitor, and test cybersecurity controls
- Maintain policies and procedures related to cybersecurity risks and incidents
- Report material cybersecurity risks in a timely manner – even before regular reporting or auditing periods
Non-compliance with SOX can result in steep fines, removal from public stock exchanges, and potential liability for directors and officers.