The Sarbanes-Oxley (SOX) Act of 2002 impacts publicly traded U.S. based companies as well as private and international entities that exchange financial information with these companies. Information Technology (IT) managers are finding themselves accountable for the protection of sensitive information flowing into and out of the organization, as well as for knowing who has access to this information and how it may be accessed. To facilitate SOX compliance, the IT manager is responsible for reporting that financial data has been maintained in a secure manner. Additionally, the Chief Financial Officer and Chief Executive Officer are then able to certify the corporation's compliance with SOX at financial reporting time. An external SOX auditor must then formally render an opinion on the corporation's IT policies and practices.

Today's IT practices, especially where SOX Section 404 (the internal controls governing financial information) applies, generally fall into four categories: security, change management, development/implementation, and disaster recovery. Traditional tools that are used for security and change management rely on logins, passwords and possibly VPN access for user authentication and authorization. Tools that are used for development, implementation and disaster recovery largely rely on manual documentation, recorded in either electronic or paper format. Preparation for a SOX audit typically consumes hundreds of hours to review this recorded information and verify controls and data.

An Intelligent Physical Layer Management (IPLM) solution is a system of hardware and software monitoring components that automatically track critical assets and trace physical data pathways in the IT enterprise. Through a combination of static inventoried demarcation points and active monitoring of connectivity all contained in a dynamic database, IT managers are utilizing their IPLM systems to speed the process and accuracy of their reporting. How does an IPLM system assist with SOX? This technology can ensure the security of the physical layer, automate both the certification and documentation of the physical layer, and reduce the cost associated with preparation for a SOX audit. Implementation of an IPLM system provides visibility and traceability of all physical layer connections from the network switch to the network endpoint device. The visibility provided by these systems eliminates the ambiguity typically associated with the copper and fiber connection points within the facility. Security frameworks typically ignore the physical side of the network and focus on the client access characteristics including login, password, media access control (MAC) and Internet Protocol (IP) address. IPLM systems can certify the physical pathway for sensitive information, including ingress and egress locations down to the geographic location (building, floor, room and patch panel or wall outlet).

The table below describes the enhancements that an IPLM system offers to IT practices that are impacted by SOX:

In summary, the utilization of an Intelligent Physical Layer Management system can provide certifiable information on the security of the physical layer of the network and lessen the impact on the organization when preparing for a SOX audit. Beyond SOX, an IPLM system can reduce costs by streamlining day-to-day operations, reducing errors in moves, adds and changes to the physical layer and ensuring the availability and security of corporate data in dynamic enterprise environments. For instance, disaster recovery strategies are in the forefront of many corporate security offices. IPLM systems that mirror the change control database can assist in data center and enterprise configuration information recovery in the event of a disaster. In situations where data warehousing protects critical information, it is just as important to restore the content as it is to restore the physical infrastructure of the information pathways that access this data. For organizations searching for optimum availability and security of their physical infrastructure, the IPLM system is a critical solution that provides far-reaching benefits.

Michael Pula is a Product Line Manager at PANDUIT Corp. For more information, contact PANDUIT: web: www.panduit.com; email: cs@panduit.com; phone: 800-777-3300.