SOX 101. What is it? And What Does it Call For? 

SOX 101. What is it And What Does it Call For 

What is Sarbanes-Oxley and What Do We Need to Know? 

Sarbanes-Oxley is an act that sets the compliance requirements and deadlines for public companies. The U.S. Congress passed the act in 2002 after several major accounting and fraud scandals  – among them, Enron, WorldCom, and Tyco. The purpose of the act is to protect the general public and shareholders from accounting errors, fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures. The name of the act derives from the two congressmen who drafted the act – Paul Sarbanes and Michael Oxley. It is now commonly referred to as “SOX. 

Does SOX Apply to Cybersecurity? 

Yes. SOX applies to all public companies and the requirements are set both for companies financials and for its information technology, as both play a critical and interconnected part inadequate accountability and corporate governance. SOX sets the rule in the WAY Information Technology departments to keep corporate electronic recordsThe act requires that public companies store all business records for a certain length of time. Thus, electronic records and electronic messages must be kept for at least five years. If this is not met, fines or imprisonment will result. 

Electronic Records Rules

The Electronic Records Rules are set out under Section 802 of the act and address three rules for the management of electronic records.  

What Do The Three Rules Address? 

RULE 1: Addresses the destruction, alteration, or falsification of records and the resulting penalties. 

RULE 2: Defines the records storage retention period and states that it is best practice to securely store all business records using the same guidelines as public accountants. 

RULE 3: Outlines the type of business records that need to be stored, which include all business records, communications, and electronic communications. 

Compliance & Security Controls:  

To ensure that financial data is accurate and protected against loss and comply with SOX, it is best practice to have the correct security controls in place, such as data classification tools. 

Without the right set of security controls in place, it is difficult to meet both SOX and regulatory standards. To meet both, the right software solution and IT management practices must be in place. 


Need Assistance Understanding Compliance?

Contact LIFARS For Advisory Services Today!