Who is the third party SOX consulting company helping your company establish SOX controls? KPMG, Price Waterhouse, Deloitte & Touche? Ask them!!
-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED]] On Behalf Of Praveen Kumar
Sent: Tuesday, September 16, 2008 2:02 PM
To: [email protected]
Subject: RE: [EDI-L] Encryption or Clear Text

Thanks Mike & Earl. Is there any portal where the SOX compliance checklist for an EDI system is legibly documented?

Regards
Praveen

--- On Wed, 9/17/08, Kotoyan, Michael <[EMAIL PROTECTED]> wrote:

From: Kotoyan, Michael <[EMAIL PROTECTED]>
Subject: RE: [EDI-L] Encryption or Clear Text
To: [EMAIL PROTECTED], [email protected]
Date: Wednesday, September 17, 2008, 2:07 AM

We are a SOX compliant EDI department and clear text is absolutely out of the question. Everything coming in or going out is encrypted. For Sterling we use their SFTP site. It's not just Sterling genius, it's SOX General Computer Controls (404). Now we also use another VAN and we have about 60 direct connects and nothing is clear text. So I lived through this painful process of converting everyone.

In your case since you have one destination for inbound and outbound data, this should be a piece of cake for you. Just convert from regular FTP to SFTP. They give a test SFTP site and mailbox to pound on while you are testing and all you will need is an SFTP client.

How does your argument that it's 'one destination' solve the fact that your data is clear through regular FTP with absolutely no encryption?

On the other hand if you have gotten away without your SOX auditors noticing this, you have been doing pretty good!!!!!!!

Michael Kotoyan, PMP®
SAIC EDI Team
Direct: 858-826-3905
Mobile: 858-348-7524
Email: [EMAIL PROTECTED]

From: [email protected] [mailto:[EMAIL PROTECTED]] On Behalf Of Praveen Kumar
Sent: Tuesday, September 16, 2008 1:27 PM
To: [email protected]
Subject: [EDI-L] Encryption or Clear Text

Hello,

I was fed up last week running into a debate with a Sterling C:D consultant on SOX compliance. We solely use Sterling Commerce VAN for transmitting all EDI messages to our trading partners. Open FTP with no encryption is being used for sending/receiving messages to/from Sterling VAN. As per the Sterling genius, all messages going out of the organization should be encrypted irrespective of the destination - whether VAN or the partner - else I don't comply with SOX guidelines. Counter to this point, I argued that with just one single destination, there is no requirement of having this additional step and it's an unnecessary overhead.

Any thoughts?

Regards
Praveen
