Educause Security Discussion mailing list archives
Fw: Fw: Network Compliance
From: Melissa Guenther <mguenther () COX NET>
Date: Thu, 9 Dec 2004 07:28:55 -0700
I have been watching this thread and am very interested in any response dealing with SOX in a university setting. Some facts to date discovered: Officially Sarbanes Oxley does not apply to non-public companies. although higher ed holds itself to very high standards, required or not. And: -Trustees expect to take it seriously -States may require it -D&O insurers and rating agencies are asking about governance -GAO new independence standards There are those who believe that the "spirit" of Sarbanes-Oxley is right on track. And, for that matter, you don't have to implement all of the required elements to implement "the spirit." Rather, focus on the things that universities, as good stewards of the public trust, should really be doing anyway. Things like taking ownership for financial statements, holding themselves and others accountable for the financial perceptions that are created, and paying careful attention to the controls that are in place to be reasonably certain that all are operating at the highest level of integrity. lA question that seems to always come up - What are the issues related to the confidential reporting mechanism required in section 301.4?
----- Original Message ----- From: "Gibbs, Aaron M." <AMGibbs () ST-AUG EDU> To: <SECURITY () LISTSERV EDUCAUSE EDU> Sent: Tuesday, December 07, 2004 4:19 PM Subject: [SECURITY] Network Compliance Can anyone supply some feedback on what they are doing to address any issues regarding network compliance with the Sarbanes/Oxley Act and/or HIPAA? Is it a major concern for your institution? If not, why? If it is what steps are you taking to become and remain compliant? Would anyone recommend having a Risk Assessment conducted by an independent source? Aaron M Gibbs Director Networking and Telecommunications St. Augustine's College Center for Information Technology 919-516-4237 (Office) 919-516-4382 (Fax) amgibbs () st-aug edu www.st-aug.edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Network Compliance Gibbs, Aaron M. (Dec 07)
- <Possible follow-ups>
- Fw: Fw: Network Compliance Melissa Guenther (Dec 09)