Certified CARE assists with the following:

• Reliability:
  • System availability reports
  • System O\S reports
  • Network Utilization (NIC card)
  • Overall alerts/notification system
  • Exchange, Notes, Email application monitoring
• Security:
  • Vulnerability assessments
  • Firewall monitoring
  • Patch assessment

• Automatic archival of all reports for up to one year

Requires a statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting for the company, attested to by the company’s auditor.

• Includes an assessment of the controls and identification of the framework used for the assessment.
  

Critical systems may include but are not limited to:

• Documentation/records management tool
• Asset inventory
• Layered security mechanisms to protect integrity of data

Reporting of material process changes** every quarter

• Process changes to meet compliance must be documented and implemented by the IS organization.
• Because the processes and internal controls are implemented principally in IT systems, section 404 audits involve a detailed assessment of those systems.
• Process used to generate statements must be accurate and meet the committee of sponsoring organizations of the Treadway Commission Standard
• Enterprises must pass Section 302 & 404 audits before filing
  

Certified CARE helps CIO’s address the assessment, identification and documentation of internal controls:

• Use Certified CARE to take a quick “snapshot” and baseline network activity to establish what constitutes “normal” activity for comparison purposes
• Asset report automatically discovers and documents resources across the IT infrastructure
• Asset reports automatically identify all moves, adds, and changes
• Notify on changes in access policies, changes in firewall configurations, router configurations, disk drive removals, and environmentals
• Documentation of security controls:
  • firewall logs
  • intrusion monitoring
  • vulnerability assessment
  • patch assessment
  • assurance that virus updates are current
  • Better differentiate between Denial of Service attacks and legitimate increases or spikes in network traffic
  • Aggregated firewall reports ensure firewall is in compliance with organization security policy
  • Archive up to one year’s worth of history
    

• Proactive use of IT solutions such as Certified CARE enable earlier detection and mitigation of material events with some of the following capabilities:
• Overall monitoring, alerting and notification system on network, system, application and security issues
• Use of thresholds, severity and time-based alerts and escalations