The Sarbanes-Oxley Act of 2002 is a United States federal law designed to protect shareholders and the general public. Often referred to as SOX, it was enacted by the U.S. Congress on 30 July 2002. The aim of this legislation is to set standardized requirements for all U.S. public company boards, management and public accounting firms. The legislation also includes provisions to prevent fraudulent practices for private companies, as well as improve the accuracy of corporate disclosures.
SOX came about as a result of large corporate financial scandals in the early 2000s involving Enron, WorldCom, Global Crossing and Arthur Andersen. It also affects any UK companies trading on the U.S. Stock Exchange.
All publicly traded companies are required to submit an annual report on the effectiveness of their internal accounting controls to the U.S. Securities and Exchange Commission (SEC). Essentially, SOX legislates what used to be IT security best practices. The major provisions of the Sarbanes-Oxley Act include criminal and civil penalties. Anyone who knowingly alters, falsifies, destroys, or otherwise tampers with a document or record can be fined and/or imprisoned for up to 20 years.
The Need for an Archiver
So, what is SOX compliance when it comes to an average business operation? All relevant audit-related documentation must be retained for a period of at least seven years. This includes contracts, policies, authorizations, verifications, recommendations, performance reviews, and financial data.
SOX also addresses the need for companies to effectively manage risk in all its forms. This includes ensuring that data residing on corporate computers is adequately archived and protected from damage or tampering. To comply with SOX effectively, an archiving system is an essential requirement. An archiver meets the need to store large amounts of data in a secure manner.
What should I do?
- Sarbanes-Oxley is actually quite broad. This means it’s not always straightforward to find out what the specific requirements for your company are. Take the time to understand how you maintain SOX compliance and retain anything financially related in a secure location.
- Once you understand the legislation, look at how you’re currently storing information, how it is distributed and how secure your network is. SOX states that no information can be altered, manipulated or destroyed; this means you will need procedures in place to prevent this.
- You will then need to find a solution that archives your information securely and allows for easy data retrieval. Any solution you choose must be fully compliant so you can see how it will fit into your compliance strategy.
- When you have chosen your archiving solution, watch for any risks of data being corrupted or damaged as it is migrated over to the new system.
- Setting up your archiver is not the end of the story. Compliance is an ongoing process, so be sure to continuously assess security risks and manage all email content to stay fully compliant. It is always best to identify any risks before they become serious issues.