SOX ComplianceSarbanes-Oxley Act
What is the Sarbanes-Oxley Act of 2002?
The Sarbanes-Oxley Act of 2002 (SOX) ushered in a new era of business rules regarding the storage and management of corporate financial data. Sarbanes-Oxley Compliance holds many publicly held companies and all registered public accounting firms to a rigorous set of standards. These rules set guidelines for how data should be stored, accessed, and retrieved. Read on for more information about how Global Data Vault supports Sarbanes-Oxley Compliance.
What does SOX mean for data backup and recovery? We’ll cover the key elements as follows:
- Section number
- Description of rule
- How Global Data Vault supports the regulation
Section 103: Auditing, Quality Control, And Independence Standards And Rules – The Board Shall:
- register public accounting firms;
- establish, or adopt, by rule, “auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers;” requires firms to “prepare, and maintain for a period of not less than 7 years, audit work papers, and other information related to any audit report, in sufficient detail to support the conclusions reached in such report.”
Global Data Vault’s online server backup software supports your efforts to prepare documents for a Sox Compliance audit and inspection. . It captures and stores your data to a remote server where the files are stored securely and safely until inspection. A backed up file can remain, indefinitely, on our servers until it is needed for audit or inspection. Our remote backup system allows access only to the correct username/password combination. As such, the file can be restored to your local desktop, either via the software client or through our Web Restore interface.
Inspections of Registered Public Accounting Firms Quality Inspections must be conducted annually. The SEC or the Board may order impromptu inspections of any firm at any time.
Again, Global Data Vault’s online backup software gives users on-demand access to their data. An inspector may access any file stored to the GDV remote backup system in order to perform the required inspection. Additionally, different historical versions of a file can be restored and inspected to compare and contrast a document’s revisions.
Investigations And Disciplinary Proceedings; Reporting of Sanctions All documents prepared or received by the Board are regarded “confidential and privileged as an evidentiary matter (and shall not be subject to civil discovery or other legal process) in any proceeding in any Federal or State court or administrative agency. This section continues…unless and until presented in connection with a public proceeding or [otherwise] released” in connection with a disciplinary action.
When you use Global Data Vault’s online backup software to backup your data, you are using some of the best encryption and data protection tools available to maintain complete confidentiality. From the moment you perform your first backup, your data is encrypted using 448 BIT encryption, the strongest available. The files themselves are encrypted on your computer before leaving your office – and remain encrypted until you access them again. Files are sent over port 308, a non-standard port designed to avoid the high traffic ports usually associated with Internet communications and hacking. Once stored on our servers, the files stay encrypted.
Corporate and Criminal Fraud Accountability Act of 2002 “Knowingly” destroying or creating documents to “impede, obstruct or influence” any federal investigation, whether it exists or is contemplated, is a felony.
We employ the latest online backup technology available to prevent unauthorized access to your data, and our data center is restricted to our administrators only. The data center uses state-of-the-art security including:
- Gigabit Internet connection
- 24/7 technical support, monitoring and remote hands
- N+1 redundancy on power, HVAC
- Fire, smoke and heat detection
- UPS and onsite diesel generators
- Controlled physical access
Mandatory Document Retention – This section instructs auditors to maintain “all audit or review work papers” for five years from the end of the fiscal period during which the audit or review was concluded. It also directs the Securities and Exchange Commission (SEC) to disseminate, within 180 days, any necessary rules and regulations relating to the retention of relevant records from an audit or review. Section 802 makes it unlawful knowingly and willfully to violate these new provisions — including any rules and regulations disseminated by the SEC — and imposes fines, a maximum term of 10 years’ imprisonment or both.
Global Data Vault’s online backup software supports Sarbanes-Oxley Compliance requirements for mandatory document retention by storing audit and review work papers for an indefinite amount of time. It captures multiple historical versions of those documents enabling auditors to access to multiple versions of the same document as it changed over time.
Section 1102: Tampering With a Record or Otherwise Impeding an Official Proceeding
This section criminalizes knowingly altering, destroying, mutilating, or concealing any document with the intent to impair the object’s integrity.
As a Veeam Service Provider, Global Data Vault’s online backup software provides world-class data protection and compliance. We protect your business by storing historical versions of documents that could potentially be the target of malicious destruction. Any file maliciously destroyed on a local PC or server could be restored in minutes from our secure servers. Global Data Vault’s online backup software effectively mitigates your risk of prosecution by protecting data integrity and availability for official proceedings
Veeam Software is an unusual participant in the Gartner Magic Quadrant given that they entered it in the visionary section, and were the first company to do so with only a virtualization offering.