Not even the U.S. Postal Service can escape Sarbanes-Oxley, it seems. FederalTimes.com reports that the 2006 Postal Enhancement and Accountability Act (PDF) requires the Postal Service to implement Sarbanes-Oxley controls by 2010. Toward that goal, the postal service formed an IT SOX team, the story says:
Among the most significant activities facing the IT SOX team is the development of control activities, which must be documented and subsequently tested. This process began with an assessment of IT policies, processes and controls measured using IT governance frameworks including COBIT (Control Objectives for Information and related Technology), ITIL (Information Technology Infrastructure Library), and other sources of best-practices for IT control. The assessment resulted in a list of gaps, which will be addressed as key controls are developed.
The agency also intends to set up a Web-based IT manual to serve as a repository of IT documentation and policies, according to U.S. Postal Service CTO George Wright. The Web site/IT manual is also intended to simplify IT project management and facilitate fulfilling audit requests.