SOX

Sarbanes-Oxley compliance

Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 (SOX) ushered in a new era of business rules regarding the storage and management of corporate financial data. Sarbanes-Oxley Compliance holds many publicly held companies and all registered public accounting firms to a rigorous set of standards. These rules set guidelines for how data should be stored, accessed, and retrieved. Read on for more information about how Global Data Vault supports Sarbanes-Oxley Compliance.

What does SOX mean for data backup and recovery? We’ll cover the key elements as follows:

  • Section number
  • Description of rule
  • How Global Data Vault supports the regulation
Section 103: Auditing, Quality Control, And Independence Standards And Rules – The Board Shall:
  1. register public accounting firms;
  2. establish, or adopt, by rule, “auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers;” requires firms to “prepare, and maintain for a period of not less than 7 years, audit work papers, and other information related to any audit report, in sufficient detail to support the conclusions reached in such report.”

Global Data Vault’s online server backup software supports your efforts to prepare documents for inspection and audit. It captures and stores your data to a remote server where the files are stored securely and safely until inspection. A backed up file can remain, indefinitely, on our servers until it is needed for audit or inspection. Our remote backup system allows access only to the correct username/password combination. As such, the file can be restored to your local desktop, either via the software client or through our Web Restore interface.

Section 104:

Inspections of Registered Public Accounting Firms Quality Inspections must be conducted annually. The SEC or the Board may order impromptu inspections of any firm at any time.

Again, Global Data Vault’s online backup software gives users on-demand access to their data. An inspector may access any file stored to the  GDV remote backup system in order to perform the required inspection. Additionally, different historical versions of a file can be restored and inspected to compare and contrast a document’s revisions.

Section 105(d):

Investigations And Disciplinary Proceedings; Reporting of Sanctions All documents prepared or received by the Board are regarded “confidential and privileged as an evidentiary matter (and shall not be subject to civil discovery or other legal process) in any proceeding in any Federal or State court or administrative agency. This section continues…unless and until presented in connection with a public proceeding or [otherwise] released” in connection with a disciplinary action.

When you use Global Data Vault’s online backup software to backup your data, you are using some of the best encryption and data protection tools available to maintain complete confidentiality. From the moment you perform your first backup, your data is encrypted using 448 BIT encryption, the strongest available. The files themselves are encrypted on your computer before leaving your office – and remain encrypted until you access them again. Files are sent over port 308, a non-standard port designed to avoid the high traffic ports usually associated with Internet communications and hacking. Once stored on our servers, the files stay encrypted.

Title VIII:

Corporate and Criminal Fraud Accountability Act of 2002 “Knowingly” destroying or creating documents to “impede, obstruct or influence” any federal investigation, whether it exists or is contemplated, is a felony.

We employ the latest online backup technology available to prevent unauthorized access to your data, and our data center is restricted to our administrators only. The data center uses state-of-the-art security including:

  • Gigabit Internet connection
  • 24/7 technical support, monitoring and remote hands
  • N+1 redundancy on power, HVAC
  • Fire, smoke and heat detection
  • UPS and onsite diesel generators
  • Controlled physical access

Section 802:

Mandatory Document Retention – This section instructs auditors to maintain “all audit or review work papers” for five years from the end of the fiscal period during which the audit or review was concluded. It also directs the Securities and Exchange Commission (SEC) to disseminate, within 180 days, any necessary rules and regulations relating to the retention of relevant records from an audit or review. Section 802 makes it unlawful knowingly and willfully to violate these new provisions — including any rules and regulations disseminated by the SEC — and imposes fines, a maximum term of 10 years’ imprisonment or both.

Global Data Vault’s online backup software supports Sarbanes-Oxley Compliance requirements for mandatory document retention by storing audit and review work papers for an indefinite amount of time. It captures multiple historical versions of those documents enabling auditors to access to multiple versions of the same document as it changed over time.

Section 1102: Tampering With a Record or Otherwise Impeding an Official Proceeding

This section criminalizes knowingly altering, destroying, mutilating, or concealing any document with the intent to impair the object’s integrity.

Global Data Vault’s online backup software protects your business by storing historical versions of documents that could potentially be the target of malicious destruction. Any file maliciously destroyed on a local PC or server could be restored in minutes from our secure servers. Global Data Vault’s online backup software effectively mitigates your risk of prosecution by protecting data integrity and availability for official proceedings

Cry Me a River…Really?

Yep. That's one headline I saw this weekend about the WannaCry attack. And I guess we can understand that sentiment, maybe. Our view at Global Data Vault, is our job is to be ready to help any of our customers hit by this outrageous attack. Our customers use our...
Read More
bandwidth required

Bandwidth – How Much is Enough?

How Much Bandwidth is Enough? Knowing and planning for an appropriate level of bandwidth is a key component of every DRaaS solution. In our most common DRaaS implementation, the data is moved from local repositories at the customer site over the internet or WAN to our...
Read More

Sizing for Local Backup Repositories

Proper sizing for local backup repositories is a critical step in building a complete backup and disaster recovery as a service solution (DRaaS). Below, we will list the most accurate way of determining what your data change rate is and how large the repository should...
Read More