Introduction
The Sarbanes-Oxley Act of 2002 (SOX) is a U.S. federal legislation designed to reinforce company governance, monetary transparency, and the integrity of monetary knowledge for publicly traded corporations and people planning to go public by an preliminary public providing (IPO). The first aim of SOX is to guard traders by enhancing the accuracy of monetary reporting which is achieved by enforced inside controls that strengthen the reliability of monetary disclosures.
Data Expertise Normal Controls (ITGCs) play a necessary function in SOX compliance. They goal to make sure the safety, integrity, and reliability of IT methods that assist monetary reporting, serving to organizations forestall fraud and keep the belief of the general public and prospects.
The Databricks Information Intelligence Platform, which incorporates Unity Catalog, gives complete knowledge governance, centralized entry controls, auditing, and knowledge lineage capabilities. Databricks gives organizations the instruments to assist the implementation of ITGCs by securing knowledge, managing entry, and supporting compliance throughout knowledge and AI environments. Organizations are accountable for designing, implementing, and testing their controls and processes to align with their enterprise and regulatory necessities.
Additional, Databricks offers an ITGC greatest practices matrix that maps its platform options and capabilities, enabling organizations to align their technical controls with audit and compliance necessities effectively.
Scope
Databricks empowers IT safety and compliance professionals to fulfill key IT Normal Controls (ITGC) necessities, together with entry administration, change management, backup and restoration, and IT operations monitoring. This overview’s focused viewers is for IT safety and compliance professionals looking for sensible methods to implement and keep sturdy IT Normal Controls (ITGCs) utilizing Databricks.
What’s Unity Catalog?
Databricks Unity Catalog is the trade’s solely unified and open governance resolution for a corporation’s knowledge and AI throughout clouds and knowledge platforms. Its basis is the Databricks Information Intelligence Platform, which understands the distinctiveness of your knowledge and drives probably the most complete and unified governance resolution for all your firm’s knowledge and AI. And it’s constructed on a lakehouse to be open, scalable, low value, and excessive efficiency — the perfect of all worlds!
Safety and Shared Accountability Mannequin
The Databricks shared duty mannequin outlines the safety and compliance obligations of Databricks, the cloud service supplier (CSP), and the shopper regarding the knowledge and providers on the Databricks Platform. Databricks maintains documentation for purchasers primarily based on their cloud supplier implementation: AWS, Azure, or GCP.
ITGC Compliance: Finest Practices Matrix
As a part of the shared duty mannequin, Databricks operates as a hybrid platform SaaS supplier. It’s accountable for securing the platform’s infrastructure, whereas prospects are accountable for securing their knowledge, entry, and configurations throughout the platform. The platform offers a variety of built-in and configurable security measures, together with encryption, entry controls, audit logging, customer-managed keys, and community isolation.
For organizations using Databricks, sustaining ITGC compliance is important to making sure the safety, availability, and confidentiality of their knowledge. To help you in beginning your ITGC compliance journey, Databricks has created a high-level abstract information that outlines greatest practices for buyer capabilities.
We advocate that you just evaluation the perfect practices matrix beneath and collaborate together with your inside and exterior safety, compliance, and audit groups to align Databricks safety controls together with your group’s particular necessities.
Please confer with the mapping of ITGC Finest Practices to Databricks’ Buyer Capabilities right here.
Be aware: This doc and its accompanying management mapping steering are supplied for instructional functions solely and should comprise errors or omissions. We reserve the best to replace these supplies at any time, with out prior discover. Readers are strongly suggested to seek the advice of certified technical and authorized professionals to make sure correct management implementation and regulatory compliance.
Conclusion
Databricks offers a safe, sturdy platform providing prospects numerous knowledge governance and audit options to assist them meet their ITGC compliance obligations.
Subsequent Steps for ITGC Compliance with Databricks
- Discover Sources: Go to the Databricks Safety and Belief Heart to evaluation safety and compliance documentation, together with the Databricks SOC 1 Kind II stories.
- Leverage Unity Catalog: To satisfy ITGC necessities, use Unity Catalog for centralized governance, entry controls, and knowledge lineage monitoring. To get began with Unity Catalog, comply with our Unity Catalog information for AWS, Azure, and GCP.
- Undertake ITGC Finest Practices: Comply with Databricks’ ITGC matrix and collaborate together with your audit groups for compliance alignment.
- Have interaction Consultants: Contact your Databricks account workforce to deal with Databricks’ particular technical particulars associated to implementing ITGC-compliant options.
These steps will aid you optimize Databricks’ capabilities to fulfill your compliance objectives effectively.
