Sarbanes-Oxley (SOX) compliance like other compliance regulations requires a company, some kind of process to manage IT infrastructure, either manually or in automated manner. The ideal process for meeting compliance regulations posed by SOX is through process automation. With SOX compliance, companies would no longer be able to go ahead by managing IT infrastructure in ad-hoc manner.

An automated and effective change and configuration management software must have features which could deliver all the requirements posed by SOX compliance. Following are requirements (SOX Section 404) vs features to be present in such product managing change and configuration:

• Company-level control including corporate governance, enterprise policies, and information sharing: The change management product should provide answers to all of the following:
  
  1. Who is owner of what IT infrastructure?
  2. Who is responsible for change?
  3. Who could change the configuration?
  4. How many change has occured?
  5. Are all best practices met?
  
  

• Application control for ERP/financial systems and other specialized applications covering areas such as validation, accuracy, authorization etc: The configuration change management product should be able to do the following:
  
  1. Are all softwares up-to-date?
     
  2. Have any licences expired?
     
  3. What IT infrastructure do I have?
  4. Are best practices enforced and met?
  
  

• IT general control: The change, configuration management software must be able to provide following features:
  
  1. How many change have occured over last scheduled time?
  2. Knowledge of controlled access of computer programs?
  3. What configuration must not be subjected to change?