In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures. The act sets deadlines for compliance and publishes rules on requirements. Congressmen Paul Sarbanes and Michael Oxley drafted the act with the goal of improving corporate governance and accountability, in light of the financial scandals that occurred at Enron, WorldCom, and Tyco, among others.

All public companies now must comply with SOX, both on the financial side and on the IT side. The way in which IT departments store corporate electronic records changed as a result of SOX. While the act does not specify how a business should store records or establish a set of business practices, it does define which records should be stored and the length of time for the storage. To comply with SOX, corporations must save all business records, including electronic records and electronic messages, for “not less than five years.” Consequences for noncompliance include fines or imprisonment, or both.

As a result of SOX, IT departments are responsible for creating and maintaining an archive of corporate records. They seek ways in which to do this that are both cost effective and that are in complete compliance with the requirements of the legislation. Three rules in Section 802 of SOX affect the management of electronic records. The first concerns the destruction, alteration, or falsification of records and the resulting penalties. The second defines the retention period for records storage; best practices suggest corporations securely store all business records using the same guidelines as public accountants. The third rule outlines the type of business records that need to be stored, including all business records, communications, and electronic communications.

VITECH has helped a wide variety of businesses, companies, and organizations meet SOX compliance standards. We have helped organizations of all sizes, from the small accounting office, to large multi-location financial institutions.

VITECH has multiple packages to help each organization, according to their needs. These include:

  • Compliance Guidance
  • Base Compliance Package
    • Establish Internal Controls under Section 302 & 404
    • Employee Data Security Training
    • Security Risk Assessment
    • Gap Identification
  • Base Compliance Package + Remediation Guidance
  • SOX Compliance Audit + Certification
    • Necessary to Measure an Organization’s Internal Controls & Compliance to SOX Regulations