How Sarbanes-Oxley (SOX) Applies to Data Centers
The Sarbanes-Oxley Act of 2002 (SOX) was enacted for public firms to help safeguard investor interests by increasing the reliability and accuracy of all disclosures, especially financial ones. It is important to adhere strictly to the Act, as non-compliance can not only destroy the credibility of the firm but also expose top management to legal risks.
- Morgan Stanley was fined $15 million for not providing email records in 2004.
- Microsoft will be fined $1.45 million next year for the same reason as Morgan Stanley.
- Merrill Lynch followed with another $2.5 million fine.
In the context of data centers, the main points relate to financial data but are not limited to it:
- Identify data that comes under the purview of the Act.
- Section 103: Create processes for retention of data of the last 7 years.
- Section 104 & 802: Get the data audited by third-party audit firms. Retain audit data for the last 5 years. In case of non-maintenance, a fine and/or penalty could be imposed.
- Section 105(B): Easy and quick accessibility of stored data when needed. In case the court asks for any past data records, they must be readily available.
- Section 404: Build up internal controls for protection of data.
- Monitoring of possible insider information leaks as well as tampering/destruction attempts.
Implementing the requirements of this act should not be an overhead task. To find out about everything that needs to be done and to ensure that your data center adheres to the SOX Act, please visit http://www.lifelinedatacenters.com.