OnRamp specializes in helping companies meet Sarbanes-Oxley compliance standards. The Sarbanes-Oxley (SOX) Act of 2002 requires that publicly held companies implement adequate controls to safeguard financial data, operations, and assets.
SOX sets requirements for data protection, vulnerability testing, and auditing data integrity. SOX affects not only the financial side of corporations but also the IT departments charged with storing a corporation’s electronic records. The act is not a set of business practices and does not specify how a business should store records; rather, it defines which records should be stored and for how long.
SOX states that all business records, including electronic records and electronic messages, must be saved for “not less than five years.” The consequences for noncompliance are fines, imprisonment or both.
Section 802 of Sarbanes-Oxley contains the three rules that affect the management of electronic records. The first rule deals with the destruction, alteration or falsification of records, and the resulting penalties. The second rule defines the retention period for records storage. The third rule refers to the type of business records that need to be stored: all business records and communications, including electronic communications.