Skip to main content
Skip table of contents

SOX-COSO Deployment Guide – Meet the Compliance Requirements


The LogRhythm SOX COSO Compliance Package provides bundled reports, investigations, alarms, and log source lists to help you demonstrate regulation compliance. Your site compliance auditor will check for specific line-item regulations to be met by LogRhythm. This guide demonstrates how and when LogRhythm meets SOX COSO compliance.

This section describes each of the following for SOX COSO compliance:

  • Compliance Reporting for SOX COSO Auditors
  • Compliant Monitoring
  • Alarming
  • Audit Deliverables

Compliance Reporting for NRC Auditors

SOX COSO does not provide specific standards for compliance, only that the conditions of COSO’s Framework be met to ensure proper accounting. The responsibility of the SOX Compliance Manager is to verify the proper use of LogRhythm as well as the proper assurance of business processes that depend on LogRhythm for security and metrics. LogRhythm provides proof of compliance through the review of log data on a regular basis, automated monitoring through alarming, and manual and automated generation of reports.

Having LogRhythm operational is not enough to satisfy all requirements for SOX COSO. Your site must also review the analyzed data periodically in order to meet compliance. The LogRhythm Usage Auditing Event Detail reports show which activities are being performed, by whom and when. They show that people have been performing their duties by regularly performing investigations, generating reports, and handling routine administrative tasks.

Automated Security and Monitoring are required for SOX COSO principle activities, such as evidence of logs being collected, attacks being detected, and authentications being recorded. The standard report package for SOX COSO covers the areas where LogRhythm is used to meet compliance.

Compliant Monitoring

The Sarbanes-Oxley Act (SOX) requires accounting standards to be created by a third party for publicly traded businesses. SOX does not specify any requirements that directly apply to information technology, only that information technology is a part of the accounting systems requiring adequate protection.

LogRhythm is used primarily as an internal control. COSO defines internal control as a process designed to provide reasonable assurance of the following:

  • Operations are effective and efficient.
  • Financial reporting is reliable.
  • Compliance with regulations and the law.

Each business process is expected to conform to internal controls. COSO developed a framework that defines five interrelated components used for internal controls: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. The LogRhythm compliance package addresses compliance by matching deliverables to the COSO Framework’s “20 Principles.”

LogRhythm supports SOX COSO in the following ways:

  • Provides metrics usable for LogRhythm’s operation in order to satisfy the need to have metrics of itself.
  • Provides monitoring and metrics for other organizational IT resources that may not have available metrics; or by themselves are not capable of meeting SOX COSO requirements.
  • Provides security analysis to ensure the reliability of financial information through the classification and analysis of IT security events.

Monitoring Requirements

SOX COSO requires monitoring. There is no specific requirement for how frequently or which details must be monitored, however the goal of SOX COSO is to protect the accounting systems from the threat of inaccuracies, such as fraud, corruption, destruction, and falsification. To protect these systems adequately, accounting systems must be able to monitor during critical cycles.

Although not specified, the monitoring compliance reports and investigations should be reviewed for all significant accounting events, such as Income Taxes, Payroll, and other activity that is periodically disclosed to the government.

Audit Deliverables

The SOX COSO Report Package can generate all the reports needed for auditing.

To start the process:

  1. From the LogRhythm Console, click Report Center.
  2. Select the Report Packages tab.
  3. Right-click the SOX COSO Report Package, and then click Run.

The SOX COSO report package must be run no less frequently than once per month to ensure all data is available for report generation. The deliverables that demonstrate adherence to SOX COSO are shown in the SOX-COSO—Requirements table.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close