The Sarbanes-Oxley Act of 2002 (SOX) mandates security controls and accountability for corporations and requires security professionals to play a key role in a company’s ability to comply with this regulation (United States Congress, 2002); (Stults, 2004). An understanding of the scope and potential issues with SOX is critical to successfully implementing the changes required by SOX (Stults, 2004).


Stults, G. (2004, July 25). An Overview of Sarbanes-Oxley for the Information Security Professional. Retrieved from

United States Congress. (2002, July 30). H.R.3763 – 107th Congress (2001-2002): Sarbanes-Oxley Act of 2002. Retrieved from