1)   What is Sarbanes-Oxley Act? What are the key areas of IT that are examined during a Sarbanes-Oxley audit? What are the two key types of security policies and procedures that must be established to aid in Sarbanes-Oxley compliance?

2)   Research on laws for privacy of data in the Philippines like Sarbanes-Oxley Act. Search for any existing scenario or incident that happened in the Philippines wherein violation of this law was committed.

1)    What is Sarbanes-Oxley Act? What are the key areas of IT that are examined during a Sarbanes-Oxley audit? What are the two key types of security policies and procedures that must be established to aid in Sarbanes-Oxley compliance?

The Sarbanes-Oxley Act of 2002 is a federal law that established for auditing and financial regulations for public companies.

Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices.

Key areas of IT that are examined during a Sarbanes-Oxley audit

A SOX IT audit will look at the following internal control items:

 IT security: Ensure that proper controls are in place to prevent data breaches and have tools ready to remediate incidents should they occur.

 Access controls: This refers to both the physical and electronic controls that prevent unauthorized users from viewing sensitive financial information.

 Data backup: Maintain backup systems to protect sensitive data.

 Change management: This involves the IT department process for adding new users and computers, updating and installing new software, and making any changes to databases or other data infrastructure components.

Two key types of security policies and procedures that must be established to aid in Sarbanes-Oxley compliance?

• Confidentiality. This requirement ensures privacy of information and ensures that only authorized users can access the information.
• Integrity. This requires data and programs to be changed (added, modified or deleted) in an authorized manner.

2)    Research on laws for privacy of data in the Philippines like Sarbanes-Oxley Act. Search for any existing scenario or incident that happened in the Philippines wherein violation of this law was committed.

In 2012 the Philippines passed the Data Privacy Act 2012, comprehensive and strict privacy legislation "to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth." (Republic Act. No. 10173, Ch. 1, Sec. 2).

In July 2019, beauty retailer Sephora became a victim of a major data breach - which affected its customers in the Philippines. Stolen data included their names, email addresses, birthdates, encrypted passwords, and logs regarding their beauty preferences.