The universe of companies required to comply with Sarbanes-Oxley is set to soar, now that a firm deadline has been imposed on smaller companies. You need to start now, of course. Which isn't going to be easy at companies that have not developed a strong compliance machinery. To that end, here's a list [1] of best-practices basics, which should get you started. Another way to get started comes from Axentis blogger Brett Curran. Obviously, he's a big believer in enterprise-wide GRC efforts. He offers a neat and perhaps useful grid [2] to get your thoughts about compliance organized.