How Sarbanes-Oxley Act (SOX) Impacts Data Centers
Regulatory compliance has a big say in how businesses design and develop their systems. A major compliance requirement for many businesses is the Sarbanes-Oxley Act of 2002 (SOX).
On the face of it, the focus of SOX is to prevent financial fraud, and, for this purpose, it requires companies to maintain tight controls over their financial disclosures. These controls take the form of regulating and tracking the flow of financial data, along with regular audits aimed at identifying and remediating potential risks.
However, the implications of SOX for data centers go well beyond that. SOX mandates strict data storage requirements and equally stringent retention policies and procedures. Although SOX does not specify any particular size or methodology for data storage or policies, there are several guidelines data centers need to follow:
- The Public Company Accounting Oversight Board (PCAOB) oversees and guides SOX auditors and sets standards that specify the elements required for successful compliance.
- The Committee of Sponsoring Organizations (COSO) has developed a control framework that offers a comprehensive set of guidelines to create and implement internal controls. Though not mandatory, this offers the optimal benchmark.
- The Control Objectives for Information and Related Technology (COBIT) framework, developed by the Information Systems Audit and Control Association (ISACA), offers specific guidance for IT controls. COBIT addresses 34 IT processes, grouped into four domains: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring.
SOX also requires publicly traded companies and accounting or audit firms to retain audit documents for a minimum of seven years after the completion of an audit, and to have provisions in place for retrieving that data quickly. Here again, the methodology for doing so is left to the companies. Data centers need to adopt solutions such as a write-once, read-many (WORM) approach to data, which allows easy retrieval at any time but no modifications, to facilitate their clients’ compliance with the provisions of SOX.
Apart from this, SOX-compliant data centers also need to have strong security measures in place, including access control and authentication systems, user account management, encryption, and other network security deployments, as well as continuous monitoring and regular audits.
SOX violations can be costly. The act imposes a fine of up to $10 million and up to 20 years in prison for violators. In addition, it promises “stiff penalties” for companies that knowingly destroy, or even alter, records to cover their tracks or thwart investigations.
Lifeline Data Centers offers fully compliant SOX solutions, complete with flexibility and guaranteed uptime.