Securing Data to meet SOX Compliance

The Sarbanes-Oxley Act (SOX) was adopted in the US in 2002. This statutory act set out documentation and financial reporting requirements for companies, reinforced the personal liability of CFOs and CEOs, and introduced procedures for regular independent audits. Today, all public companies with stock listed on US stock exchanges are required to meet SOX requirements. Furthermore, a company’s executive management, including the CEO and CFO, is held personally liable for ensuring compliance with the key provisions of SOX. Violations are met with hefty personal fines of up to USD 25 million and prison terms of up to 20 years.

Despite its very stringent requirements, SOX has ultimately become the unspoken standard in corporate governance. Even companies that are not listed on US exchanges now prefer to incorporate provisions of this law in order to increase their competitiveness, attract more interest from investors and partners, and better protect their corporate assets.

The Sarbanes-Oxley Act does not impose direct requirements for corporate data security, although it does include a number of clauses concerning internal control, the completeness of sensitive financial documentation, and audit situations. Updating a corporate data security system can make compliance with the law’s key provisions considerably easier.

This white paper addresses SOX requirements that affect a company's data infrastructure, including the means of securing data collected and maintained by the company. It also describes DeviceLock, a product from DeviceLock, Inc., which companies can use to more easily achieve strong compliance in the area of data security.