Introduction
The Sarbanes-Oxley Act of 2002 (SOX) is a U.S. federal legislation designed to boost company governance, monetary transparency, and the integrity of monetary information for publicly traded firms and people planning to go public by way of an preliminary public providing (IPO). The first purpose of SOX is to guard buyers by bettering the accuracy of monetary reporting which is achieved by way of enforced inner controls that strengthen the reliability of monetary disclosures.
Info Expertise Common Controls (ITGCs) play an important position in SOX compliance. They purpose to make sure the safety, integrity, and reliability of IT methods that help monetary reporting, serving to organizations forestall fraud and preserve the belief of the general public and clients.
The Databricks Information Intelligence Platform, which incorporates Unity Catalog, gives complete information governance, centralized entry controls, auditing, and information lineage capabilities. Databricks gives organizations the instruments to help the implementation of ITGCs by securing information, managing entry, and supporting compliance throughout information and AI environments. Organizations are liable for designing, implementing, and testing their controls and processes to align with their enterprise and regulatory necessities.
Additional, Databricks offers an ITGC greatest practices matrix that maps its platform options and capabilities, enabling organizations to align their technical controls with audit and compliance necessities effectively.
Scope
Databricks empowers IT safety and compliance professionals to satisfy key IT Common Controls (ITGC) necessities, together with entry administration, change management, backup and restoration, and IT operations monitoring. This overview’s focused viewers is for IT safety and compliance professionals in search of sensible methods to implement and preserve strong IT Common Controls (ITGCs) utilizing Databricks.
What’s Unity Catalog?
Databricks Unity Catalog is the trade’s solely unified and open governance resolution for a corporation’s information and AI throughout clouds and information platforms. Its basis is the Databricks Information Intelligence Platform, which understands the distinctiveness of your information and drives essentially the most complete and unified governance resolution for your whole firm’s information and AI. And it’s constructed on a lakehouse to be open, scalable, low price, and excessive efficiency — the most effective of all worlds!
Safety and Shared Duty Mannequin
The Databricks shared accountability mannequin outlines the safety and compliance obligations of Databricks, the cloud service supplier (CSP), and the shopper regarding the information and providers on the Databricks Platform. Databricks maintains documentation for patrons based mostly on their cloud supplier implementation: AWS, Azure, or GCP.
ITGC Compliance: Finest Practices Matrix
As a part of the shared accountability mannequin, Databricks operates as a hybrid platform SaaS supplier. It’s liable for securing the platform’s infrastructure, whereas clients are liable for securing their information, entry, and configurations throughout the platform. The platform offers a spread of built-in and configurable security measures, together with encryption, entry controls, audit logging, customer-managed keys, and community isolation.
For organizations using Databricks, sustaining ITGC compliance is crucial to making sure the safety, availability, and confidentiality of their information. To help you in beginning your ITGC compliance journey, Databricks has created a high-level abstract information that outlines greatest practices for buyer capabilities.
We advocate that you simply evaluation the most effective practices matrix under and collaborate along with your inner and exterior safety, compliance, and audit groups to align Databricks safety controls along with your group’s particular necessities.
Please discuss with the mapping of ITGC Finest Practices to Databricks’ Buyer Capabilities right here.
Notice: This doc and its accompanying management mapping steering are offered for instructional functions solely and will comprise errors or omissions. We reserve the suitable to replace these supplies at any time, with out prior discover. Readers are strongly suggested to seek the advice of certified technical and authorized professionals to make sure correct management implementation and regulatory compliance.
Conclusion
Databricks offers a safe, strong platform providing clients numerous information governance and audit options to assist them meet their ITGC compliance obligations.
Subsequent Steps for ITGC Compliance with Databricks
- Discover Assets: Go to the Databricks Safety and Belief Heart to evaluation safety and compliance documentation, together with the Databricks SOC 1 Sort II experiences.
- Leverage Unity Catalog: To fulfill ITGC necessities, use Unity Catalog for centralized governance, entry controls, and information lineage monitoring. To get began with Unity Catalog, observe our Unity Catalog information for AWS, Azure, and GCP.
- Undertake ITGC Finest Practices: Comply with Databricks’ ITGC matrix and collaborate along with your audit groups for compliance alignment.
- Have interaction Consultants: Contact your Databricks account staff to deal with Databricks’ particular technical particulars associated to implementing ITGC-compliant options.
These steps will make it easier to optimize Databricks’ capabilities to satisfy your compliance objectives effectively.
