Companies forced to comply with the Sarbanes-Oxley Act of 2002 and other legal and regulatory requirements are still struggling to define "best practices," to find the right balance of cost versus benefit, and to avoid redundancy moving forward. The newness of legislation such as the Sarbanes-Oxley Act has most companies scrambling to check the right compliance boxes, and many have lost sight of what the rulings were really aiming for--management accountability and a sound internal control environment. We've collected recently publishing articles from Information Systems Security and EDPACS on SOX compliance, which should be helpful regardless of where you stand in this morass of compliance.