Aner Group
Service · Compliance / GRC

Compliance, built into how your systems run.

Governance, risk, and compliance across SOX, GDPR, and CCPA — designed into delivery, with controls, evidence, and audit readiness maintained as systems operate, not reconstructed at audit time.

01 · What we cover

Three frameworks, one disciplined approach.

We map each framework to concrete controls, owners, and evidence — so obligations are demonstrable, not aspirational.

SOX

IT general controls, change management, and access governance to support SOX 404 readiness and clean financial audits.

GDPR

Data-protection controls, data-subject request handling, records of processing, and privacy-by-design across the data lifecycle.

CCPA

Consumer-rights workflows, data inventory and mapping, and disclosure controls aligned to California privacy requirements.

02 · How we work

Controls and evidence, maintained as you operate.

ITGC controls

Designing and operating IT general controls across access, change, and operations — the foundation auditors test first.

Evidence & readiness

Continuous evidence collection so an audit is a confirmation, not a scramble. Artifacts captured as work happens.

Access reviews

Periodic access certification and least-privilege enforcement across systems and data stores.

Data privacy

Data mapping, minimization, and retention aligned to GDPR and CCPA obligations.

Continuous monitoring

Control monitoring and remediation tracking between audit cycles, so posture holds year-round.

03 · Our own posture

We hold ourselves to the standard we deliver.

Aner Group is independently audited for SOC 2 Type II compliance by A-LIGN. The same controls and evidence discipline we bring to client environments govern our own.
