Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Fw: Fw: Network Compliance

From: Melissa Guenther <mguenther () COX NET>
Date: Thu, 9 Dec 2004 07:28:55 -0700
I have been watching this thread and am very interested in any response dealing with SOX in a university setting.  

Some facts to date discovered:
Officially Sarbanes Oxley does not apply to non-public companies. although higher ed holds itself to very high 
standards, required or not.
And: 
-Trustees expect to take it seriously 
-States may require it 
-D&O insurers and rating agencies are asking about governance 
-GAO new independence standards
There are those who believe that the "spirit" of Sarbanes-Oxley is right on track.  And, for that matter, you don't 
have to implement all of the required elements to implement "the spirit."   Rather, focus on the things that 
universities, as good stewards of the public trust, should really be doing anyway.  Things like taking ownership for  
financial statements, holding themselves and others accountable for the financial perceptions that are created, and 
paying careful attention to the controls that are in place to be reasonably certain that all are operating at the 
highest level of integrity.
  
lA question that seems to always come up - What are the issues related to the confidential reporting mechanism required 
in section 301.4? 

----- Original Message ----- From: "Gibbs, Aaron M." <AMGibbs () ST-AUG EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Tuesday, December 07, 2004 4:19 PM
Subject: [SECURITY] Network Compliance


Can anyone supply some feedback on what they are doing to address any 
issues regarding network compliance with the Sarbanes/Oxley Act and/or 
HIPAA? Is it a major concern for your institution? If not, why? If it is 
what steps are you taking to become and remain compliant? Would anyone 
recommend having a Risk Assessment conducted by an independent source?

Aaron M Gibbs
Director
Networking and Telecommunications
St. Augustine's College
Center for Information Technology
919-516-4237 (Office)
919-516-4382 (Fax)
amgibbs () st-aug edu
www.st-aug.edu

**********
Participation and subscription information for this EDUCAUSE Discussion 
Group discussion list can be found at http://www.educause.edu/groups/.




**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: