System Security (SysSec)
Latest Evidence
| Name | Result | Last Seen | Weighting | Tags | |
|---|---|---|---|---|---|
No description available | Antivirus | 66/53.65853659/false/false Control Degraded (NotOK) 66% | 03/10/2025, 07:12:35 last observed | 50% | 50 |
No description available | Qualys | 16.5/0/false/false Control Degraded (NotOK) 16.5% | 03/10/2025, 07:12:41 last observed | 50% | 50 |
Description
Sys Sec: System Security controls allow an organisation to measure and demonstrate protections against potential data breaches, which may occur through exploitation of know vulnerabilities, or configuration weaknesses, in operating systems and applications running on in-scope systems.
Metadata
| Last Seen: | 2025-10-3 7:12:41 |
|---|---|
| Control Owner: | Owain Rowley (owain.rowley@quodorbis.com) |
| Control Approver: | Jason Wilkes (jason.wilkes@quodorbis.com) |
Links
Relationships
Tags
Entity Scope
Description
Calculations
Metadata
| Last Seen | |
|---|---|
| Control Type | |
| Control Owner | |
| Control Approver | |
| Target State | |
| Baseline State | |
| Monitored |
Events (Past 7 Days)
Relationships
Evidence Picker
Evidence
Manual Attestation
Risk Score
Org Chart
Metadata
Tags
Timeline
Discovered By
| Data Source | Last Seen By Data Source | State | Trend |
|---|
Evidence
SOX Regulation
The Sarbanes-Oxley Act (SOX) is a U.S. federal law that establishes requirements for financial transparency, internal controls, and accountability within publicly traded companies. It mandates organizations to implement strong access controls, monitor and log financial system activity, enforce segregation of duties, and ensure integrity in financial reporting. SOX compliance supports audit readiness and protects against fraud and unauthorized data manipulation.
SOX Controls Radar
DBA
73%PUAR
22%SOD
63%SysSec
41%UAR
52%SOX Targets & Status
SOX Overview
Controls
50.27%The global results for the five key areas of the SOX framework.
Status
OK: 0%
Degraded: 60%
Failed: 40%
Tags & Metadata
Last processed
7:15 AM on 03-10-2025
Item Type
Group
Monitored State
Monitored
Approver
Jason Wilkes
-
Downstream Items
Name Result Last Seen Trend DBA: Database administration controls ensure that adequate measure are undertaken to ensure appropriate access controls are enabled on financial databases, including periodic rotation of administrator and service account passwords.Database Administration (DBA) 73%.#FFBB02
73%03/10/2025, 07:13:49
last observedPUAR: Privileged User Access Reviews are part of the user account management and access control process(es), which involves a periodic review of privileged access rights for all of an organization’s employees and vendors. A privileged user access review usually includes re-evaluation of user roles, access rights and privileges. PUAR’s mitigate issues such as excessive access privileges and user role or account configuration errors.Privileged User Access Review (PUAR) 22%.#FF5961
22%03/10/2025, 07:13:23
last observedSOD: Segregation of Duties reviews are part of the user account management and access control process(es) to ensure that no user should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties. It is a key principle in financial control(s), aiming to reduce the risk of fraud and error, by breaking down processes so that no single person is responsible for every stage in a process.Segregation Of Duties (SOD) 62%.#FFBB02
62%03/10/2025, 07:12:55
last observedSys Sec: System Security controls allow an organisation to measure and demonstrate protections against potential data breaches, which may occur through exploitation of know vulnerabilities, or configuration weaknesses, in operating systems and applications running on in-scope systems.System Security (SysSec) 41%.#FF5961
41%03/10/2025, 07:12:41
last observedUAR: User Access Reviews are part of the user account management and access control process(es), which involves a periodic review of access rights for all of an organization’s employees and vendors. A user access review usually includes re-evaluation of user roles, access rights and privileges. UAR’s mitigate issues such as excessive access privileges and user role or account configuration errors.User Access Review (UAR) 51%.#FFBB02
51%03/10/2025, 07:13:10
last observedShowing 1 to 5 of 5 entries -
Historical Trend
SOX Controls Report
| Name/ID | Current | Trend | May | Jun | Jul | Aug | Sep | Oct |
|---|---|---|---|---|---|---|---|---|
Database Administration (DBA) | 73.3% | 73.3% | 73.4% | 73.3% | 73.3% | 73.3% | 73.3% | |
Segregation Of Duties (SOD) | 63.0% | 63.0% | 63.1% | 63.2% | 63.0% | 63.0% | 64.3% | |
Privileged User Access Review (PUAR) | 22.3% | 22.4% | 22.6% | 22.8% | 22.5% | 22.4% | 25.1% | |
User Access Review (UAR) | 51.5% | 51.6% | 51.7% | 51.9% | 51.7% | 51.6% | 53.3% | |
System Security (SysSec) | 41.3% | 41.3% | 41.3% | 41.3% | 41.3% | 41.3% | 41.3% |
SOX Controls Trends
SOD Violation Summary
SOD
System 1 - RSA - SOD
80%
3
Tickets0-2
3-7
8+
Sep 26 Oct 03
Avg Increase of 3%
System 2 - RSA - SOD
25%
3
Tickets0-0
1-4
5+
Sep 26 Oct 03
Avg Increase of 11%
System 3 - RSA - SOD
83.33%
3
Tickets0-1
2-13
14+
Sep 26 Oct 03
Avg Increase of 2%
PUAR Violation Summary
PUAR
System 1 - RSA - PUAR
50%
4
Tickets0-0
1-8
9+
Sep 26 Oct 03
Avg Increase of 7%
System 2 - RSA - PUAR
0%
4
Tickets0-0
1-4
5+
Sep 26 Oct 03
Avg Increase of 14%
System 3 - RSA - PUAR
16%
4
Tickets0-0
1-5
6+
Sep 26 Oct 03
Avg Increase of 12%
SOX Controls Table
| Title | Name/ID | Current | Threshold | State | Trend | Jun '25 | Jul '25 | Aug '25 | Sep '25 | Oct '25 | |
|---|---|---|---|---|---|---|---|---|---|---|---|
Database Administration (DBA) | DBA | 73.3% | overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green | degraded | 73.4% | 73.3% | 73.3% | 73.3% | 73.3% | Description:DBA: Database administration controls ensure that adequate measure are undertaken to ensure appropriate access controls are enabled on financial databases, including periodic rotation of administrator and service account passwords. Tags:SOX Global | |
Privileged User Access Review (PUAR) | PUAR | 22.3% | overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green | failed | 22.6% | 22.8% | 22.5% | 22.4% | 25.1% | Description:PUAR: Privileged User Access Reviews are part of the user account management and access control process(es), which involves a periodic review of privileged access rights for all of an organization’s employees and vendors A privileged user access review usually includes re-evaluation of user roles, access rights and privileges. PUAR’s mitigate issues such as excessive access privileges and user role or account configuration errors.. Tags:SOX Global | |
Segregation Of Duties (SOD) | SOD | 63.0% | overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green | degraded | 63.1% | 63.2% | 63.0% | 63.0% | 64.3% | Description:SOD: Segregation of Duties reviews are part of the user account management and access control process(es) to ensure that no user should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties It is a key principle in financial control(s), aiming to reduce the risk of fraud and error, by breaking down processes so that no single person is responsible for every stage in a process.. Tags:SOX Global | |
System Security (SysSec) | SysSec | 41.3% | overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green | failed | 41.3% | 41.3% | 41.3% | 41.3% | 41.3% | Description:Sys Sec: System Security controls allow an organisation to measure and demonstrate protections against potential data breaches, which may occur through exploitation of know vulnerabilities, or configuration weaknesses, in operating systems and applications running on in-scope systems. Tags:SOX Global | |
User Access Review (UAR) | UAR | 51.5% | overall score from combining underlying metrics/controls and graded in increments of 10 e.g >=90% = green | degraded | 51.8% | 51.9% | 51.7% | 51.6% | 53.3% | Description:UAR: User Access Reviews are part of the user account management and access control process(es), which involves a periodic review of access rights for all of an organization’s employees and vendors A user access review usually includes re-evaluation of user roles, access rights and privileges. UAR’s mitigate issues such as excessive access privileges and user role or account configuration errors.. Tags:SOX Global |