How ObserveIT Helps You Address SOX
Compliance Requirements
Do You Need to Demonstrate SOX Compliance?
Sarbanes-Oxley (SOX) places strict limitations on the types of people who can access sensitive
financial and corporate data. Unfortunately, many SOX-compliant organizations have little or no
insight into who these users are and what they are doing – putting themselves at risk for data
breaches, fines and, in some cases, imprisonment. These companies realize the need to monitor
users involved with accessing, storing and auditing sensitive corporate information, yet their
current data security systems often lack this functionality.
Ensuring Security While Maintaining Privacy
“We enjoy showing off to
our customers that every
user action is recorded. This
increases confidence
all around.”
Rick Beecroft, Area Manager,
Americas and Pacific Rim
ObserveIT can help any organization satisfy its SOX requirements within minutes. With detailed
logs and visual recordings of all user activity – on any server, workstation or application – ObserveIT
exceeds the strictest interpretation of SOX requirements with conclusive evidence for compliance
auditors. These audit reports can be completed in a fraction of the time, with the ability to instantly
search, analyze and view the actual video-like playback of the pinpointed session. Here’s how
ObserveIT's user activity monitoring addresses specific SOX section 404 requirements:
“SOX Section 404 – Evaluate Company-Level Controls”


ObserveIT requires individual credentials to log onto a server or network, ensuring that
every action will be recorded. All visual and textual metadata logs are tied to the specific
user, providing visibility into who is doing what and when.
With ObserveIT, every application has a compliance audit log component, regardless of
that application’s origin. It also offers the flexibility to grow and deploy new applications
at any given time, without needing to deploy new audit protocols.
“SOX Section 404 – Perform a Fraud Risk Assessment”


ObserveIT monitors all user activity. This provides an unequivocal audit trail of user activity
and bulletproof evidence as to who worked on what servers. Because of this, you can easily
conduct root cause analysis to find changes or use the advanced keyword search, which
allows you to search by applications, user names, windows, text typed and more.
ObserveIT provides pre-built and customizable compliance audit reports that are easily
accessible for compliance auditors, with automated canned reports sent via email, periodic and
customized reports, textual summaries and full video replay.
“SOX Section 404 – Evaluate Controls Designed to Prevent or Detect Fraud”


ObserveIT provides flexible alert generation based on robust combinations of user profiles, key
actions and client locations.
ObserveIT captures a detailed textual log plus visual recordings of every user action, with logs
generated for every application, including those without their own internal logs. Showing
exactly what the user did – not just the underlying results – IT auditors can track files opened,
windows viewed and other specific UI activity.
“SOX Section 404 –Management’s Competency, Objectivity and Risk”

ObserveIT offers a ‘just-in-time policy messaging’ feature that delivers important
messages and updates about general corporate policies, or for specific applications and
servers. This ensures that all users have read and agreed to the security policies and
procedures before logging on, and are aware of either general or specific policies.
Contact us at: [email protected] | 1-800-687-0137 | www.observeit.com