The Sarbanes-Oxley (SOX) Act of 2002 legislates how long and the manner in which companies are required to store their financial records. Created largely in response to the Enron and WorldCom scandals, SOX is designed to safeguard against accounting errors and other illegal financial activities. SOX specifically states that electronic records and messages (email/IM) must be saved for at least five years to ensure that auditors and other regulators can easily obtain requested documents.
How UbiStor Can Help
UbiStor helps organizations address these SOX rules without the need for additional equipment or services such as tape libraries, media and off-site media with the following solutions:
Storing financial records with UbiStor’s online backup and archive gives organizations the confidence in knowing that critical data is secure, yet quickly accessible. Electronically transporting records using industry-standard encryption to off-site secure locations where the data remains encrypted minimizes the chance of any unethical access or destruction of data.
UbiStor’s online backup, archiving solutions and managed services can help publicly traded businesses and companies (accounting firms) who conduct audits adhere to SOX by:
- Storing data at highly secure, off-site locations.
- Ensuring that critical records and communications remain encrypted.
- Utilizing disk-to-disk backup and retrieval, avoiding the hassles of backup tapes.
- Offering specialized solutions for storing, monitoring and archiving email and instant messages.
SOX contains three rules pertinent to managing electronically stored data:
Destruction, alteration, or falsification of records
Sec. 802(a) "Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both."
The required retention period for storage
Sec. 802(a)(1) "Any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C 78j-1(a)) applies, shall maintain all audit or review work papers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded.
The type of business records and electronic communications requiring storage
Sec. 802(a)(2) "The Securities and Exchange Commission shall promulgate, within 180 days, such rules and regulations, as are reasonably necessary, relating to the retention of relevant records such as work papers, documents that form the basis of an audit or review, memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review."
For more information please visit the Sarbanes-Oxley Act Community Forum website www.sarbanes-oxley-forum.com