Compliance Services

Sarbanes-Oxley (SOX) Act Compliance

The Sarbanes-Oxley (SOX) Act of 2002 legislates how long and the manner in which companies store their financial records. Created largely in response to the Enron and WorldCom scandals, the SOX act is designed to safeguard against accounting errors and other illegal financial activities. In placing a more rigorous requirement on financial reports the storing of the records becomes vitally important because the trail of transactions must be secure.

The act specifically states that electronic records must be saved for at least five years to ensure that auditors and other regulators can easily obtain requested documents.

The regulated companies in choosing a storage method will therefore look to a format that will insure it can satisfy the legal requirements of the SOX, i.e. the increased use of online remote data storage facilities / programs.

As an online data storage facility, IDrive is not privy to the contents of the information stored for a client. The customer must maintain responsibility for ensuring that it is in compliance as to what information is being kept and who in the organization (including independent auditors) has access. IDrive is only responsible for the availability and security of the information being stored and has put safeguards in place to ensure appropriate quality control standards.

IDrive® assists with SOX compliance in the following manner:

  • The data files backed up are encrypted using AES 256-bit encryption when stored on your local BMR device and cloud account. Data files are encrypted when transferred to the cloud account. The encryption is based on default or private encryption key so that the data stored on IDrive servers cannot be decrypted by anybody other than you or a designate
  • Your files are logged with a date and time stamp each time they are accessed
  • All backups are immediately available from the web
  • Data remains on the IDrive servers for as long as you want to retain it, as specified in your cloud retention policy

Note: Many of the compliance items require usage of the optional private encryption key that is known only to the user and not stored on IDrive servers.