SOX compliance: cutting through the static.

The Sarbanes-Oxley deadline is finally upon us--and public companies with early fiscal year-ends are feeling the heat. Over the past 3 years, endless headlines have preached about the consequences of not abiding by the Act. A bit of additional education never hurts. This is not intended as the end-all column on compliance, but rather a piece to examine some of the top SOX storage considerations at a high level. Remember that the best compliance strategy begins with thoroughly studying the Sarbanes-Oxley Act, as well as any other regulations affecting your industry.

Unraveling the SOX Puzzle

The SEC added stringent amendments for financial reporting to the Sarbanes-Oxley Act, spurred by the rash of corporate scandals that rocked the Enron era. New provisions call for more comprehensive auditing systems to ensure accuracy within financial reports. For example, companies must now include a management report covering the internal control structure in their annual findings. Storage strategies come into play because many of the auditing requirements ride on data integrity.

The Act makes it illegal for "any person to alter, destroy, mutilate, or conceal any document with the intent to impair the object's integrity or availability for use in an official proceeding ..." In other words, companies must ensure that their data has not been tampered with or altered. Write Once Read Many (WORM) storage technologies (whether in the form of disk, tape or optical) are a natural choice for storing regulated data.

As part of SOX compliance, your company should develop a Document Retention Policy and a Data Classification Scheme. Establishing a strict policy that tracks the lifecycle of data within the company is another important step. This process should also cover the movement of both hardware and software within the IT infrastructure. Any infrastructure change should entail an extensive audit to determine how it may affect compliance.

These activities are a small part of ensuring that regulated data is available when needed. In the event of an audit, companies may have to produce archived data in less than 24 hours. That is an extreme example, but possible. Each audit is taken on a case-by-case basis.

Putting the Compliance Pieces Together

To ensure data integrity, companies are discovering the need to institute new standards for data archiving and availability. When it comes to archiving basics for compliance, some of the first advice to be offered is for companies to religiously perform backup and archiving jobs based on preset schedules. Many companies will use tape storage with WORM capabilities for the first 7 years, leveraging the very low cost and high streaming speeds of today's "superdrives". When a backup for archiving is completed, be sure that the job finished successfully, checking the log to verify there were no interruptions.
It's imperative that the stored data can be retrieved if an audit takes place. The only way to know for sure is to open an archive file and verify its integrity. If problems are encountered, check the system settings and the soundness of the media. Be sure to document the process in your records.

Once these processes are in place, the real challenge is ensuring that the IT staff understands and upholds the newly implemented procedures. Methodologies should be outlined in detailed reports that are presented to the staff.

Conclusion

IT managers are feeling the pressure to implement compliance processes under a tight deadline. Companies with publicly owned
The most important factor for achieving SOX compliance is to do your homework, and seek out one of several industry associations, legal organizations, trade groups, storage vendors or analyst firms available to answer your questions.

Brett Schechter is a senior manager and tape storage expert with the Component and Business Solutions Division of Sony Electronics (San Jose, CA)

brett.schechter@am.sony.com
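The read-back check described under "Putting the Compliance Pieces Together" (open the archive and verify its integrity) can be automated. The sketch below is an added example, not part of the original article: it assumes a SHA-256 manifest is recorded when the archive is written, uses an in-memory tar archive as a stand-in for the archive medium, and its function names and sample records are constructed for illustration.

```python
import hashlib, io, tarfile

def sha256_stream(fh, chunk=1 << 20):
    """Hash a file object in chunks so large members need not fit in memory."""
    digest = hashlib.sha256()
    for block in iter(lambda: fh.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest()

def write_archive(files):
    """Build a tar archive in memory; return (archive_bytes, manifest)."""
    buf, manifest = io.BytesIO(), {}
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
            manifest[name] = hashlib.sha256(data).hexdigest()
    return buf.getvalue(), manifest

def verify_archive(archive_bytes, manifest):
    """Open the archive, re-read every member and compare with the manifest.
    Returns a list of findings; an empty list means the read-back passed."""
    findings, seen = [], set()
    try:
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                seen.add(member.name)
                actual = sha256_stream(tar.extractfile(member))
                expected = manifest.get(member.name)
                if expected is None:
                    findings.append(f"UNEXPECTED {member.name}")
                elif actual != expected:
                    findings.append(f"MISMATCH {member.name}")
    except (tarfile.TarError, EOFError, OSError) as exc:
        # A damaged or truncated medium shows up here, not in the job log.
        findings.append(f"UNREADABLE {type(exc).__name__}")
    findings += [f"MISSING {n}" for n in sorted(set(manifest) - seen)]
    return findings

# Constructed sample records, not real data.
SAMPLE = {"gl/2004-q4.csv": b"acct,amount\n1000,250.00\n",
          "gl/2004-q4-notes.txt": b"Quarter close approved.\n"}
```

Store the manifest separately from the archive, and keep the findings list with the audit records as evidence that the read-back was performed.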