Sarbanes-Oxley Act

The Sarbanes-Oxley Act (SOX) is a federal law designed to improve financial transparency and accountability for U.S. public companies. Its enactment in 2002 was prompted by several well-publicized accounting scandals. SOX established a number of standards for public companies to follow. From a data security perspective, two sections stand out in providing high-level guidance for understanding and implementing controls around financial data:

  • Section 302 – financial reporting requirements 
  • Section 404 – internal controls reporting requirements

Related Terms


An acronym for nonpublic personal information.

“NPI is any personally identifiable financial information that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise publicly available.

NPI is:

  • any information an individual gives you to get a financial product or service (for example, name, address, income, Social Security number, or other information on an application);
  • any information you get about an individual from a transaction involving your financial product(s) or service(s) (for example, the fact that an individual is your consumer or customer, account numbers, payment history, loan or deposit balances, and credit or debit card purchases); or
  • any information you get about an individual in connection with providing a financial product or service (for example, information from court records or from a consumer report).

NPI does not include information that you have a reasonable basis to believe is lawfully made publicly available.”

For more information about “NPI” and “publicly available” data, please visit the Federal Trade Commission's webpage on GLBA compliance.

An acronym of Cybersecurity Maturity Model Certification.

It is a security framework for Defense Industrial Base contractors to follow. CMMC 2.0 was announced by the Department of Defense in November 2021 and sets forth requirements for safeguarding Controlled Unclassified Information and other regulated data.
