Introduction to the Sarbanes-Oxley Act.
The Sarbanes-Oxley Act (also known as SOX) was passed in 2002 and is seen by many as a way to prevent high-profile financial scandals, such as Enron and WorldCom, from recurring. SOX protects shareholders and the general public from accounting errors and fraudulent practices within enterprises.
The SOX Act was signed on July 30, 2002 and introduced highly significant legislative changes to financial practices and corporate governance regulations. The act is administered by the Securities and Exchange Commission (SEC), which sets compliance deadlines and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records. Instead, it defines which records are to be stored and for how long. The legislation affects not only the financial side of corporations but also the IT departments whose job it is to store a corporation's electronic records. The Sarbanes-Oxley Act states that all business records, including electronic records and electronic messages, must be saved for not less than five years.
The consequences of non-compliance with the act may be fines, imprisonment, or both. IT departments are increasingly faced with the challenge of creating and maintaining corporate records archives in a cost-effective fashion that satisfies the requirements put forth by legislation.
There are three sections of Sarbanes-Oxley that affect the management of electronic records:
Section 802(a): Dealing with the destruction, alteration, or falsification of business records.
Section 802(a)(1): Defining the retention period for records storage using the same guidelines set for public accountants. ...