The Sarbanes–Oxley Act of 2002 (SOX) strengthens requirements for financial reporting by publicly held companies. Although not directly related to information security, as a side effect, SOX auditing has come to incorporate substantial documentation of network and data integrity. Because most corporate financials are generated, transmitted, and stored via electronic systems, as a practical matter, SOX has become one of the main drivers for IT security compliance activities.
References:
http://www.jasonkolb.com/weblog/2006/04/web_20_security_1.html