SOX (Sarbanes Oxley) Compliance

What is Sarbanes-Oxley (SOX)?

The Sarbanes–Oxley Act (SOX) is a United States federal law that sets new or expanded requirements for all U.S. public company boards, management, and public accounting firms and can also impact privately-held companies in relation to federal investigations.

With international trade, many organizations deal with US multinationals and therefore are affected by SOX, although, since the introduction of this Act, almost all other major economies have adopted similar rules.

The introduction of SOX followed major corporate scandals (such as Enron) when apparently-sound organizations crumbled almost overnight leaving investors, creditors, and customers embarrassed and out of pocket. To counteract this, the bill defines corporate responsibilities, sets minimum standards for performance and reporting, and establishes clear penalties for misconduct. Managers or Directors are responsible for signing off the presence of adequate control systems.

What are the Penalties for Non-Compliance?

The penalties for non-compliance with SOX are high. If, in the event of major damage to your organization, your adequacy statement proves to be inaccurate, you can be fined or imprisoned. The act also entitles companies to claw back bonuses that were achieved on the basis of inaccurate statements.

Special whistle-blower provisions introduce the possibility of up to ten years imprisonment for those attempting to stop news of a data breach leaking to the outside world.

If your company suffers a major or embarrassing data loss resulting in a share price fall, then your lack of a data classification and data loss prevention policy could anger your investors.

The principal change resulting from this bill is the responsibility of the Board of Directors to check that the company has adequate methods of internal control. This control encompasses everything from protection of existing assets to understanding risk and the competitive landscape. It is the responsibility of the auditors to check that controls are in place and operating effectively in accordance with details set out in Section 404.

As data loss becomes more expensive, the introduction of internal controls to minimize data loss is critical for SOX compliance.

Fortra's Data Classification Can Support SOX Compliance

Fortra's Data Classification products support compliance with SOX by allowing users to identify key data and make decisions about how it is stored and transmitted. Our products can help you capture the value of the data that your organization creates or handles. They reduce the risk of data loss and the potential for embarrassment and costly penalties.

 

Data Retrieval

Clearly identifying information by labelling and protectively-marking data that requires special handling such as ITAR information, the mishandling of which carries a substantial fine.

Classification

Automatically applying visual labels to educate users on your data protection policy.

Alerts

Warning or preventing the user from sending messages that contain personal information, with alerts highlighting when sensitive data is leaving the organization.

Learn More about Fortra's Data Classification

Find out how Fortra's flexible data classification can help drive compliance with a variety of regulations and requirements. 


If you're ready for a demo, let's talk about how we can help with your specific compliance needs.
