Small companies rethinking approach to GRC


Non-accelerated filers seem to have won a permanent reprieve from Sarbanes-Oxley 404(b) (Sarbanes-Oxley news), considered one of the most onerous financial control regulations. But that hardly means they can now turn their backs on all compliance activity.

Many are acutely aware of the need for solid GRC programs, and we're seeing more vendors rush into the market. eGestalt, for example, just announced the availability of its SecureGRC. It touts the service as an all-in-one solution for small- and medium-sized companies, one that can cut the time needed to meet regulatory requirements significantly.

Small companies, perhaps more so than large ones, ought to fear the fallout from breaches of information security, botched risk management and blown-up IT controls. It frankly wouldn't take much to bring a small company to its knees. But getting started can be daunting, to be sure. Large companies learned the hard way.

Perhaps the best approach is to go slow and develop a realistic and sensible roadmap. There are many vendors who will tout their holistic approaches, but for many companies a silver bullet is simply a pipe dream. You have to get there one day, just not in one step. A multi-year roadmap would seem to be the best bet.

For more: see the eGestalt press release announcing SecureGRC.
