Compliance Standards Library

SOX IT General Controls (ITGC)

SOX ITGC is a set of IT controls required to comply with the Sarbanes-Oxley Act. SOX compliance is mandatory for US public companies and is typically needed for companies seeking an IPO. ITGC aims to ensure that the technology used by different parts of the enterprise is used correctly and does not leave the company open to unnecessary risks.


Who should follow ITGC?

  • Any organization looking to IPO.
  • The SOX Act affects all publicly traded US companies, regardless of industry.


What is the timeline for ITGC compliance? 

  • Approximately 40 hours of preparation. There is significant overlap with other Vanta standards like SOC2 and ISO 27000. However, the scope of systems for ITGC is often a bit different: ITGC compliance entails applying common information security controls to the organization's financial systems.


What can Vanta automate?

  • Vanta has automated technical tests and document requests to evidence every control.

