http://www.s-ox.com/feature/detail.cfm?articleID=1067

>>There are multiple sections contained in the Sarbanes-Oxley compliance regulations and each of them presents their own challenges to different people in different areas of the organization. Section 409 requires that a company disclose information regarding material changes in the financial condition of the company.

More importantly is that these changes must be captured and reported in real-time. Section 409 has not yet gone into effect, but it is clearly on the horizon and its potential impact is far-reaching. The Securities and Exchange Commission (SEC), which is responsible for issuing guidelines for SOX, has yet to define exactly what is meant by "real-time" from an IT perspective, but it is clear that new ground is being broken in this area. What is clear today is that all events which could affect a company's finances, stock price or intellectual property (among other things) must be captured, documented with a process that can be audited and reported in a rapid fashion. This includes operational risk with IT systems such as:

• Major or extended system outages

• Loss of critical data

• Security breaches

• Intellectual Property and Digital Rights Management issues

• Major computer virus and worm attacks