The Sarbanes Oxley Act of 2002 (often shortened to SOX) is the Securities and Exchange Commission’s (SEC) response to the high number of financial scandals in the early 2000s. The legislation was enacted to protect shareholders and the general public from accounting errors and fraudulent practices like those made mainstream knowledge by Enron and WorldCom.
Sarbanes Oxley does not mandate how business records should be stored, but defines which records must be stored to maintain compliance and for how long they must be stored. While most people associate the Sarbanes Oxley Act with finance departments, it also greatly affects IT departments, whose job it is to store a corporation's electronic records.
Sarbanes Oxley Compliance: Electronic Records
To maintain Sarbanes Oxley compliance, all business records, including electronic records and electronic messages, must be saved for "not less than five years." If Sarbanes Oxley compliance is not met, organizations can face fines, imprisonment, or both. Sarbanes Oxley establishes three specific rules that affect the management of electronic records:
- Fines or imprisonment will be applied to any individual who intentionally destroys, alters, or falsifies records with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States.
- Records must be stored securely using the same guidelines set for public accountants (a period of 5 years from the end of the fiscal period in which the audit or review was concluded).
- Relevant records must be kept, including workpapers, memoranda, correspondence, communications, and records (including electronic records) which pertain in any way to an audit or review.