SOX Compliance and Email Archiving: A Short Guide

April 30, 2018 by Jatheon

When it was enacted in 2002, the Sarbanes-Oxley Act (often abbreviated to Sarbox or SOX) was a landmark piece of legislation that heralded many changes to how businesses operate and preserve files. This federal law set new, broader requirements for all public companies in the United States, but included a number of provisions that apply to privately held organizations too (e.g. the part about impeding federal investigation by willful destruction of evidence).

A Brief History of Sarbanes-Oxley

The Sarbanes-Oxley Act was created in response to a series of corporate fraud scandals. The biggest of the scandals that shook the US at the time, the Enron scandal, was revealed in late 2001 and led to the bankruptcy of the Enron Corporation, an energy giant based in Texas. The case also contributed to the downfall of Arthur Andersen, then one of the five largest accountancy partnerships in the world. Enron had hidden billions of dollars of debt from failed projects and deals in its accounts. To restore confidence in the market, the US urgently needed serious reforms to its business legislation and practices.

What Changed with SOX?

SOX placed a greater responsibility on businesses to keep accurate financial records, but the main idea behind the legislation was to protect the public and shareholders against fraudulent practices. Sarbanes-Oxley compliance means that public organizations have to carefully document and disclose their internal audit controls and ethics policies and maintain greater oversight of employee activities. Although the bill is really about preventing corporate fraud, it has huge implications for data preservation and the archiving of all enterprise information.


What SOX aimed to bring companies was greater market stability and a higher level of security. In practice, however, the Act forced companies to revise the way they handle internal communication, guarantee the proper handling of sensitive data and operate transparently. Naturally, in the years following the Act, the market showed a growing demand for governance products that could satisfy this complex regulatory compliance.

SOX Archiving Requirements

Although there are no specific guidelines on how an organization should retain records, Section 802 outlines the types of business records that should be retained, with a mandatory retention period of 7 years. This sparked the need for businesses to create strict policies regarding the retention of electronic records.

How Information Archiving Keeps You SOX-Compliant

The implementation of secure information archiving systems has proved to be the most straightforward way to ensure your compliance with Sarbanes-Oxley.

An archiving solution can be an on-premises appliance or a cloud-based service that automatically captures emails, attachments, social media posts, text messages and other mobile content together with their metadata. Metadata matters because it provides the context of each message: who sent what to whom, when, and through which channel. It is a must-have for eDiscovery, all forms of regulatory compliance and the resolution of internal employee disputes. Once captured, the unstructured data is indexed and stored in an unalterable, tamper-proof format for a specified period of time. Archiving software also has special features that allow users to search and retrieve huge volumes of data incredibly fast, and it ensures that data is encrypted to combat theft and prevent data breaches.


Information archiving technology provides several SOX compliance-related benefits. Firstly, it allows your administrators and compliance officers to locate any electronic record (email, attachment, Word file, PDF, social media post, mobile call log, text or IM message) in vast amounts of data. It also allows you to fully automate the record retention process by specifying the lifespan of data, which can then be deleted in bulk once the retention period expires. It prevents unauthorized access to your archived data by allowing you to segregate users, assign different permission levels and roles to personnel and restrict access to business-critical records. Finally, the WORM (write once, read many) format in which the information is stored prevents tampering and spoliation of evidence.

In order for CEOs, CFOs, compliance officers and auditors to produce financial reports in a timely manner, all your electronic information needs to be unified, available and, above all, searchable. The central repository that an archiving solution offers prevents your ESI from being scattered across servers, devices and bulky PST files and removes the risk of relying on external servers and software. In addition, integrity verification features offer additional assurance and prove to regulators, auditors and investigators that your archived data has remained unchanged.
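The three properties the last few paragraphs rely on (capture with metadata, retention-driven bulk expiry, and integrity verification that proves a record has not been altered) are easy to see in a small model. The following Python is an added illustration written for this guide, not Jatheon's product code or a description of how its appliance stores data; it assumes a SHA-256 hash chain in which every record commits to the digest of the record before it, a placeholder 7-year retention constant, and a handful of constructed sample messages. Expiry removes the oldest records first and carries the digest of the last deleted record forward as the new chain anchor, so the records that remain still verify against a known starting point.

```python
"""Toy append-only message archive: hash-chained records, retention expiry,
integrity verification and simple search. Added example, not Jatheon code."""
import dataclasses
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64                                       # anchor before any record exists
RETENTION = timedelta(days=7 * 365)                      # placeholder for the 7-year period the post cites
AUDIT_DATE = datetime(2026, 1, 1, tzinfo=timezone.utc)  # constructed "today" for the expiry demo


@dataclass(frozen=True)
class Record:
    """One captured message plus the metadata the post lists: who, to whom, when, which channel."""
    seq: int
    captured_at: str      # ISO 8601, UTC
    channel: str
    sender: str
    recipients: tuple
    body: str
    prev_hash: str        # digest of the previous record (or the archive anchor)
    digest: str           # SHA-256 over every field above, including prev_hash


def _digest(seq, captured_at, channel, sender, recipients, body, prev_hash):
    # Canonical JSON so the same record always hashes the same way.
    payload = json.dumps([seq, captured_at, channel, sender, list(recipients), body, prev_hash],
                         separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class Archive:
    def __init__(self):
        self.anchor = GENESIS   # digest of the most recently expired record, or GENESIS
        self.next_seq = 0
        self.records = []

    def capture(self, captured_at, channel, sender, recipients, body):
        """Append a message; each record commits to the one before it."""
        prev = self.records[-1].digest if self.records else self.anchor
        ts = captured_at.astimezone(timezone.utc).isoformat()
        recips = tuple(recipients)
        rec = Record(self.next_seq, ts, channel, sender, recips, body, prev,
                     _digest(self.next_seq, ts, channel, sender, recips, body, prev))
        self.records.append(rec)
        self.next_seq += 1
        return rec

    def verify(self):
        """Walk the chain from the anchor; return (True, None) or (False, seq of the first bad record)."""
        prev = self.anchor
        for r in self.records:
            recomputed = _digest(r.seq, r.captured_at, r.channel, r.sender, r.recipients, r.body, r.prev_hash)
            if r.prev_hash != prev or recomputed != r.digest:
                return False, r.seq
            prev = r.digest
        return True, None

    def expire(self, now, retention=RETENTION):
        """Delete records past their retention period, oldest first, so the chain stays
        verifiable: the digest of the last deleted record becomes the new anchor."""
        cutoff = now.astimezone(timezone.utc) - retention
        removed = 0
        while self.records and datetime.fromisoformat(self.records[0].captured_at) < cutoff:
            self.anchor = self.records.pop(0).digest
            removed += 1
        return removed

    def search(self, sender=None, text=None):
        """Locate records by sender and/or case-insensitive body text (the eDiscovery use case)."""
        hits = []
        for r in self.records:
            if sender and r.sender != sender:
                continue
            if text and text.lower() not in r.body.lower():
                continue
            hits.append(r)
        return hits


def tamper(archive, seq, new_body):
    """Simulate an out-of-band edit to a stored record, i.e. what WORM storage is meant to prevent."""
    for i, r in enumerate(archive.records):
        if r.seq == seq:
            archive.records[i] = dataclasses.replace(r, body=new_body)
            return
    raise KeyError(seq)


def build_sample_archive():
    """Constructed sample messages, not real data."""
    a = Archive()
    a.capture(datetime(2018, 5, 1, 9, 0, tzinfo=timezone.utc), "email", "cfo@example.com",
              ["auditor@example.com"], "Q1 revenue figures attached")
    a.capture(datetime(2018, 6, 1, 10, 30, tzinfo=timezone.utc), "sms", "ceo@example.com",
              ["cfo@example.com"], "Please confirm the restatement before Friday")
    a.capture(datetime(2019, 9, 1, 14, 15, tzinfo=timezone.utc), "email", "cfo@example.com",
              ["ceo@example.com", "auditor@example.com"], "Revised figures for the 10-K")
    return a


if __name__ == "__main__":
    archive = build_sample_archive()
    print("chain intact:", archive.verify())
    tamper(archive, 1, "Nothing to restate")
    print("after tampering:", archive.verify())
```

Running the module shows the chain verifying cleanly and then failing at sequence 1 once a single body is edited. The point for an auditor is that a verification failure pinpoints the first altered record, and that bulk expiry does not weaken this guarantee as long as the anchor digest is retained alongside the surviving records.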

For more info on how to stay compliant with Sarbanes-Oxley, read about the crucial 5 Steps to SOX Compliance. To learn how Jatheon’s solutions can help you ensure full compliance with SOX, contact us or schedule your personal demo.
