How The Sarbanes-Oxley Act (SOX) Affects Your Data

A view of skyscrapers

July 27, 2017 Disaster Recovery News Blog, High Availability Blog Articles, Regulatory Compliance Blog

The Sarbanes-Oxley Act is one of those regulations that every company has at least heard of. That being said, few companies really know how SOX affects their company’s data. Here we demystify one of today’s most common regulations, and explain the requirements for your data’s security and availability.


The Sarbanes-Oxley Act (2002)

The Sarbanes-Oxley Act (SOX) is a clear example of how government guidelines have become stricter in response to major corporate failures. SOX was established in 2002 as a consequence of various high-profile accounting scandals that occurred in the early 2000s.

Unlike Gramm-Leach-Bliley (GLBA), SOX is not specifically targeted towards the financial services industry. That being said, it does affect many financial services firms because it applies to all publicly traded firms, which includes many of the large players in the financial sector.

In essence, SOX is designed to protect investors against accounting fraud by improving the accuracy and reliability of corporate disclosures. There are two principal parts of the Act that affect your data: Title 4 and Title 8. While the former outlines all of the parameters for compliant disclosure practices, the latter outlines how individuals can be held personally accountable for failure to comply, or for partaking in fraudulent activities.


Why Sarbanes-Oxley Makes High Availability a Necessity

Title 4 of the Act outlines how companies must abide by electronic filing and availability practices. It states that companies not only need to file reports electronically, but also to provide statements on publicly accessible internet sites.

The need for information availability – like the availability ensured by high availability (HA) and partial failover solutions – is evident from Title 4 of SOX. Perhaps the most widely-cited section is Section 404, which requires companies to report on the effectiveness of its internal record keeping with full, accurate, and timely disclosure. If your information is unavailable – or worse, irretrievable – providing full and accurate reports will be impossible, let alone in a “timely” manner.


Who Takes The Blame For Unmet Compliance?

While Title 4 of SOX explains how to meet compliance, Title 8 – and in particular, Section 802 – outlines how individuals can be held personally accountable when compliance goes unmet.

Section 802 is especially important to the principal executive and financial officers, who must certify filed annual reports for completeness and accuracy. If these reports are found to lack critical information or to be inaccurate, businesses executives can be held personally responsible. Consequences can include heavy fines and imprisonment for up to 20 years, or both.


The Solutions You Need To Be Compliant

SOX requires companies to have complete, resilient, and secure data stores. Information availability provided by high availability (HA) solutions is a critical aspect of meeting compliance, since unavailable data would make it impossible to meet stipulated deadlines for reporting. That’s not to mention how unavailable data will inhibit your ability to file reports electronically, or have them accessible online (as stipulated in Section 403). Of course, lost data from a disaster would make giving whole and accurate reports impossible, something that can easily happen after facing a disaster without disaster recovery (DR) solutions in place.

Inability to report accurately, or in a timely manner, could have serious consequences for a company’s executives. Without secure and available data, the very least your company can face are legal penalties, and suspicion that could lead to decreased stock values, audits, and a damaged reputation. Having DR and HA solutions in place is a simple fix to keep these penalties from affecting your company – or you.


In this series we outline how 5 of today’s biggest regulations affect your company’s information security and availability. 

If you’re interested in seeing how other regulations affect your data, check out: 

  1. The Gramm-Leach-Bliley Act (GLBA)
  2. The USA PATRIOT Act 
  3. HIPAA 
  4. Basel II 


For more information on how to keep your data secure, available and compliant for regulations like the Sarbanes-Oxley Act, contact us today at 317-707-3941.


Back to blog list