Sarbanes-Oxley compliance

Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 (SOX) ushered in a new era of business rules regarding the storage and management of corporate financial data. Sarbanes-Oxley Compliance holds many publicly held companies and all registered public accounting firms to a rigorous set of standards. These rules set guidelines for how data should be stored, accessed, and retrieved. Read on for more information about how Global Data Vault supports Sarbanes-Oxley Compliance.

What does SOX mean for data backup and recovery? We’ll cover the key elements as follows:

  • Section number
  • Description of rule
  • How Global Data Vault supports the regulation
Section 103: Auditing, Quality Control, And Independence Standards And Rules – The Board Shall:
  1. register public accounting firms;
  2. establish, or adopt, by rule, “auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers;” requires firms to “prepare, and maintain for a period of not less than 7 years, audit work papers, and other information related to any audit report, in sufficient detail to support the conclusions reached in such report.”

Global Data Vault’s online server backup software supports your efforts to prepare documents for inspection and audit. It captures and stores your data to a remote server where the files are stored securely and safely until inspection. A backed up file can remain, indefinitely, on our servers until it is needed for audit or inspection. Our remote backup system allows access only to the correct username/password combination. As such, the file can be restored to your local desktop, either via the software client or through our Web Restore interface.

Section 104:

Inspections of Registered Public Accounting Firms Quality Inspections must be conducted annually. The SEC or the Board may order impromptu inspections of any firm at any time.

Again, Global Data Vault’s online backup software gives users on-demand access to their data. An inspector may access any file stored to the  GDV remote backup system in order to perform the required inspection. Additionally, different historical versions of a file can be restored and inspected to compare and contrast a document’s revisions.

Section 105(d):

Investigations And Disciplinary Proceedings; Reporting of Sanctions All documents prepared or received by the Board are regarded “confidential and privileged as an evidentiary matter (and shall not be subject to civil discovery or other legal process) in any proceeding in any Federal or State court or administrative agency. This section continues…unless and until presented in connection with a public proceeding or [otherwise] released” in connection with a disciplinary action.

When you use Global Data Vault’s online backup software to backup your data, you are using some of the best encryption and data protection tools available to maintain complete confidentiality. From the moment you perform your first backup, your data is encrypted using 448 BIT encryption, the strongest available. The files themselves are encrypted on your computer before leaving your office – and remain encrypted until you access them again. Files are sent over port 308, a non-standard port designed to avoid the high traffic ports usually associated with Internet communications and hacking. Once stored on our servers, the files stay encrypted.

Title VIII:

Corporate and Criminal Fraud Accountability Act of 2002 “Knowingly” destroying or creating documents to “impede, obstruct or influence” any federal investigation, whether it exists or is contemplated, is a felony.

We employ the latest online backup technology available to prevent unauthorized access to your data, and our data center is restricted to our administrators only. The data center uses state-of-the-art security including:

  • Gigabit Internet connection
  • 24/7 technical support, monitoring and remote hands
  • N+1 redundancy on power, HVAC
  • Fire, smoke and heat detection
  • UPS and onsite diesel generators
  • Controlled physical access

Section 802:

Mandatory Document Retention – This section instructs auditors to maintain “all audit or review work papers” for five years from the end of the fiscal period during which the audit or review was concluded. It also directs the Securities and Exchange Commission (SEC) to disseminate, within 180 days, any necessary rules and regulations relating to the retention of relevant records from an audit or review. Section 802 makes it unlawful knowingly and willfully to violate these new provisions — including any rules and regulations disseminated by the SEC — and imposes fines, a maximum term of 10 years’ imprisonment or both.

Global Data Vault’s online backup software supports Sarbanes-Oxley Compliance requirements for mandatory document retention by storing audit and review work papers for an indefinite amount of time. It captures multiple historical versions of those documents enabling auditors to access to multiple versions of the same document as it changed over time.

Section 1102: Tampering With a Record or Otherwise Impeding an Official Proceeding

This section criminalizes knowingly altering, destroying, mutilating, or concealing any document with the intent to impair the object’s integrity.

Global Data Vault’s online backup software protects your business by storing historical versions of documents that could potentially be the target of malicious destruction. Any file maliciously destroyed on a local PC or server could be restored in minutes from our secure servers. Global Data Vault’s online backup software effectively mitigates your risk of prosecution by protecting data integrity and availability for official proceedings

The Case for Office 365 Backup

In the wake of Microsoft's September 4 - September 5 South Central U. S. outage for Office 365 and Azure, it's worth asking, should you be concerned with backup of your Office 365 data? It's your data, and while Microsoft normally does a good job with protecting it,...

Counting down the worst cyber security breaches of 2018 – #4

Fitness apparel manufacturer Under Armour gave us a good example of how companies can try to protect their user’s data but often fail to fully cover everything that needs protecting. The information that was stolen from Under Armour is minor compared to some of the...

Global Data Vault’s Mid-Year Count-Down of the Worst Cybersecurity Breaches

Number 5: VPNFilter More and more, our business environments are connected to the cloud. The transmission of data and the speed to which it can be accessed is critical to business intelligence and competitive advantage. When that data becomes attractive to hackers,...