Meet your Sarbanes-Oxley Compliance Section 404 Requirements
Fintech firms that are looking to go public or are already publicly traded must adhere to Section 404 of the Sarbanes-Oxley Act, which mandates the Management Assessment of Internal Controls. Section 404 of SOX requires companies to establish, assess, and disclose their Internal Controls Over Financial Reporting (ICFR). For fintech firms, these controls could extend to processes that handle customer financial data.
If customer data is used in financial reporting or transactions, the controls governing that data need to be robust and regularly assessed to prevent inaccuracies or fraud. An independent auditor must evaluate and attest to management’s assessment of the company’s Internal Controls Over Financial Reporting (ICFR).
Procyon’s cloud-native PAM solution, based on Just-In-Time access, helps your organization establish and maintain SOX controls.
Procyon’s cloud-native Privilege Access Management solution offers Just-in-Time access to the production environment required by DevOps and SRE teams.
The Just-In-Time solution enables authorized users to get time-bound access to sensitive customer data with just-enough privileges from authorized devices, and access is revoked automatically after the grant expires. The Just-In-Time solution is a passwordless solution. Nothing to remember, nothing to steal.
The Procyon solution provides deep context on who accessed customer data, the time of access, the duration, the device used, and the permissions used.
Internal auditors can review access requests, approval history, session logs, and replays to ensure that access to and changes of sensitive customer data are in line with change requests.
These audit logs can be shared with external auditors to meet SOX compliance Section 404 requirements.