Sarbanes-Oxley (SOX) Act Compliance
The Sarbanes-Oxley (SOX) Act of 2002 legislates how long and the manner in which companies store their financial records. Created largely in response to the Enron and WorldCom scandals, the SOX act is designed to safeguard against accounting errors and other illegal financial activities. In placing a more rigorous requirement on financial reports the storing of the records becomes vitally important because the trail of transactions must be secure.
The act specifically states that electronic records must be saved for at least five years to ensure that the auditors and other regulators can easily obtain requested documents.
The regulated companies in choosing a storage method will therefore look to a format that will ensure it can satisfy the legal requirements of the SOX, i.e. the increased use of online remote data storage facilities / programs.
As an online data storage facility, Craig Computers is not privy to the contents of the information stored for a client. The customer must maintain responsibility for ensuring that it is in compliance as to what information is being kept and who in the organization (including independent auditors) has access. Craig Computers is only responsible for the availability and security of the information being stored and has put safe guards in place to ensure appropriate quality control standards.
Craig Computers assists with SOX compliance in the following manner:
- The data files backed up are encrypted on transfer and stored using AES 256-bit encryption and automatically decrypted during restores. The encryption is based on the private encryption key so that the data stored on the servers cannot be decrypted by anybody other than you or a designate
- Your files are logged with a date and time stamp each time they are accessed
- All backups are immediately available from the web
- Data remains on the servers for as long as you want to retain it
Note: Many of the compliance items require usage of the optional private encryption key that is known only to the user and not stored on Craig Computers’ servers.