Sarbanes-Oxley and the financial security law

Sections 409 and 404 are particularly demanding in terms of Internal Control over IT processes.

Section 409 requires rapid account closure, while 404 covers a range of internal control requirements for information systems.

Some examples: password management, access authentication, access management, infrastructure, segregation of duties, etc.

France’s Financial Security Act is a successor to SOX, dating from 2003 and known as the Mer Act. It is applicable to all anonymous societies and to all companies making public offerings.

It includes various components, mainly concerning executive directors’ responsibility, the reinforcement of governance around internal control and the reduction of sources involving conflicts of interest.