How Sarbanes Oxley (SOX) Applies to Data Centers

The Sarbanes-Oxley act of 2002 (SOX) was enacted for public firms to help safeguard investor interest by increasing the reliability and accuracy of all disclosures, especially finacial. It is important to strictly adhere to the act as it not only can destroy the credibility of the firm, but also the expose top management to legal risks.


  1. How Sarbanes Oxley (SOX) Applies to Data CentersMorgan Stanley was fined $15 million for not providing email records in 2004.
  2. Microsoft will be fined $1.45 million next year for the same reason as Morgan Stanley.
  3. Merrill Lynch followed with another $2.5 million fine.

In the context of data centers, the main points are related to financial data but not limited to it:

  • Identify data that comes under the purview of act.
  • Section 103: Create processes for retention of data of the last 7 years.
  • Section 104 & 802: Get the data audited by third-party audit firms. Retention of audit data of last 5 years. In case of non-maintenance, fine and/or penalty could be imposed.
  • Section 105(B): Easy and quick accessibility of stored data when needed. In case the court asks for any past data records, they must be readily available.
  • Section 404: Build up internal controls for protection of data.
  • Monitoring of possible insider information leaks as well as tampering/destruction attempts.

Implementing the requirements of this act should not be an overhead task. To find out about everything that needs to be done and to ensure that your data center adheres to the SOX Act, please visit

Alex Carroll

Alex Carroll

Managing Member at Lifeline Data Centers
Alex, co-owner, is responsible for all real estate, construction and mission critical facilities: hardened buildings, power systems, cooling systems, fire suppression, and environmentals. Alex also manages relationships with the telecommunications providers and has an extensive background in IT infrastructure support, database administration and software design and development. Alex architected Lifeline’s proprietary GRCA system and is hands-on every day in the data center.
Alex Carroll