Get Your Questions Answered About Sage Fixed Assets Software and SOX Compliance
In 2002, the Sarbanes-Oxley (SOX) Act established strict rules and requirements surrounding financial controls for US public companies and their wholly owned subsidiaries. SOX is heavily enforced by the no-nonsense team at the SEC, and noncompliance can be extremely costly and damaging.
Since Sage Fixed Assets is one of the most widely used fixed asset planning, tracking, depreciation, and reporting solutions across the US, the Paragon fixed asset experts often hear the question: Is Sage Fixed Assets software SOX compliant?
Breathe a sigh of relief. The quick answer is YES.
Now let’s talk about the details.
4 Key Areas Where Sage Fixed Assets Software + Secure Cloud Hosting from Paragon Help You Achieve SOX Compliance
The Sarbanes-Oxley Act was created as a response to the accounting debacles at Enron and WorldCom. Therefore, its foundational principles rest on maintaining data accuracy and integrity for financial records.
As public companies familiarize themselves with every detail of SOX-compliant processes, they will realize SOX Section 404 compliance focuses on 4 general areas.
Sage Fixed Assets, paired with Paragon’s secure Sage Fixed Assets cloud hosting services, meet or exceed all 4 of these areas to help you achieve SOX Section 404 compliance and demonstrate your financial data excellence.
- Access control
Sage Fixed Assets restricts database access to authorized users with proper permissions and relies on user-defined security to limit what each user can access and modify. This detailed access control helps prevent errors as well as fraud.
Paragon’s secure cloud hosting takes these capabilities a step further with our one-of-a-kind Summit Secure Workspace. This collection of security features, tools, and services is engineered to identify, log, and eliminate threats from suspicious activity or unauthorized access. Summit Secure Workspace also collects forensic “breadcrumbs” to aid in future investigations.
The Summit Secure Workspace includes:
- SentinelOne – our enterprise-grade endpoint detection and response solution (EDR) constantly searches for suspicious activity across all devices that access your Fixed Assets data. It immediately shuts down any suspicious activity it finds.
- TruGrid – our unique remote desktop protocol (RDP) solution delivers a zero-trust tunnel into your Fixed Assets environment, preventing data siphoning from data-in-transit.
- Guardicore – our proprietary micro-segmentation engine expands on our zero-trust capabilities to create cross-server access gates that stop lateral spread. This limits damage if a malicious actor were to break in. It also prevents insider attacks.
To further ensure SOX-compliant access controls, Paragon manages and strictly enforces industry-leading password protocols. Every user must have their own fully unique, never-before-used password, which is 10 characters long and alphanumeric with at least 1 capital letter, 1 number, and 1 special character. To take the burden of password management off your IT department, Paragon handles all user access changes into your Sage Fixed Asset environment, including password resets and remote access. Multifactor authentication (MFA) is optional but highly recommended.
- Sensitive data security
Sage Fixed Assets software meets data security requirements through asset templates and SmartLists. These promote data integrity and help ensure company-wide adherence to approved policies and procedures. In addition, since Fixed Assets is based on GAAP-compliant depreciation and averaging conventions, you can trust that your data integrity will maintain consistency even when entered by different users, departments, or geographical locations.
Paragon’s secure cloud hosting boosts Sage’s built-in data security with full IT maintenance and 24/7 data intrusion monitoring for our cloud-hosted accounts. This includes:
- Managing and scheduling updates and patches
- 256-bit encryption, including encrypted logins
- Dual-layer cloud environment access security
- Antivirus on all servers, plus proxy server tech for added security
- SSL certifications and PCI compliance
- TruGrid Cloud Shield (recommended), which provides end-to-end encryption, an active directory shield, and multifactor authentication, as well as firewall protection from all access points: on premises and remote
- Data backup
Sage Fixed Assets software supports SOX-compliant backup requirements and makes it easy to restore your critical financial data.
Paragon’s secure cloud hosting takes data backups to the next level, providing business continuity that will seamlessly rollback your environment to just before an attack or outage, and our backups take mere minutes.
In addition, we hold your backups for 15 days and store them securely offsite. We also can review your disaster recovery procedures with you, so you can trust that you’ll have a workable plan when you need it.
Sage Fixed Assets makes SOX compliance easy with great documentation. By selecting the Premier version of Fixed Assets, which runs on SQL Server, users will have access to a specialized, SOX-compliant series of Utility Reports. These were specially designed to help prepare your company with the documentation you will need for your SOX Section 404 Audit.
These Utility Reports include:
- Asset Reports that deliver information about a company’s assets, including history events, general ledger codes, customized groups, SmartLists, and templates
- Company Reports that contain relevant information about the company, including the setup, names of all the databases and companies in the system, and customized reports
- Security Reports that clearly identify key information about the security setup, including the security status, company and system access by user, company profile definitions and assignments, and system profile definitions and assignments
Sage Fixed Assets software also provides detailed financial fixed asset reporting capabilities and audit trails / milestone tracking.
Paragon’s secure cloud hosting provides the SSAE 18 Type II Certification your company requires from a services partner to maintain your own SOX compliance. Remember: as a public company, you don’t simply need to ensure that you meet SOX Section 404 compliance, you need to ensure that any service providers who may access your data are fully compliant as well.
At Paragon, we know what you’re up against when it comes to SOX compliance. Our SSAE 18 Type II Certification demonstrates that we maintain adequate controls in place over time and that we consistently document how those controls are managed over time. When considering a cloud provider for your company’s financial data, always make sure they are SSAE 18 Type II Certified.
SOX Compliance Creates a Severe Burden on Your IT Department… But You Don’t Have to Handle It Alone
SOX’s Section 404 calls for strict auditing, logging, and monitoring across all: internal controls, network and database activity, user access and logins, and sensitive data. To meet Section 404’s requirements, your company must set up and enforce new and detailed processes, painstakingly document what you’re doing, and maintain full audit logs.
This is a lot of work.
Seasoned IT staff often feel overwhelmed simply imagining what it would take to set up and maintain SOX-compliant processes. For most IT departments, the actual processes are overwhelming.
After all, SOX compliance requires constant attention, unfailing adherence to time-consuming IT maintenance procedures, and detailed documentation of that attention and those procedures. All of this is in addition to your IT team’s current crushing workload.
The stakes are high. If your IT department commits even a few accidental oversights, those seemingly minor compliance infractions are likely to result in not-so-minor fees and penalties. Are you willing to take that risk?
Fortunately, there’s an easy way for you to avoid these issues: turn to Sage Fixed Assets software with secure cloud hosting from Paragon.
Serving clients since 1985, Paragon International, Inc. provides independent, impartial and accurate cost segregation analyses, and property valuations and appraisals to assist in and support decisions related to taxes, risk management, investment, financing and corporate planning. Our consultants have extensive fixed asset experience – they’re fixed asset experts. Because of that we are able to offer a unique combination of irreplaceable human resources and advanced technology. We have specialists experienced in valuing closely-held securities, patents and other intangible assets, business enterprises, buildings, equipment and real estate. In addition, Paragon provides complete inventory and asset management services and solutions, including software customization and training, barcode labels and scanners, and tailored inventory services such as data conversion and integration, asset inventories, asset policies, cost reconciliation, and appraisal services. Contact Paragon International to discover how we can help you.