The Sarbanes-Oxley Act requires public companies to maintain effective internal controls over financial reporting, with Section 302 and 404 creating personal liability for CEOs and CFOs and external auditor attestation requirements that make IT general controls — access controls, change management, and audit logging — a direct financial reporting obligation. Zero Trust access governance directly addresses SOX ITGC requirements by enforcing segregation of duties, providing immutable access audit trails, and enabling continuous compliance monitoring rather than point-in-time assessments that leave organisations exposed between annual audits.
Related: Financial · Banking · Identity Governance & Admin · Privileged Access · SIEM