In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures. The act sets compliance deadlines and authorizes the issuing rules that spell out its requirements. All public companies must now comply with SOX, on both the financial side and the IT side. While the act does not prescribe how a business should store records or what business practices it should adopt, it does define which records must be retained and for how long. To comply with SOX, corporations must retain all relevant business records, including electronic records and electronic messages, for "not less than five years." Consequences for noncompliance include fines, imprisonment, or both.
Three specific provisions of Section 802 relate to electronic records management:
Penalties for the destruction, alteration, or falsification of records
A mandatory five-year retention period for all stored records
The specific types of records that must be retained, including all business communications and related records
With all this said, how can a company make sure that it is SOX compliant?