Sarbanes-Oxley Security Compliance


What is Sarbanes-Oxley Act?
The Sarbanes-Oxley Act (SOX) was enacted to increase regulatory visibility into, and the accountability of, public companies and their financial health. SOX requires even small companies to comply with regulations dealing with the assessment of internal controls over financial reporting (Section 404).

Who is affected by SOX?
All corporations that fall under the jurisdiction of the U.S. Securities and Exchange Commission are subject to SOX compliance requirements. This essentially means any publicly traded company must abide by the requirements described by SOX. The Act directly affects financial services companies, CPAs and CPA firms, as well as attorneys of publicly traded companies. In addition, private firms interested in going public, or that may be the target of an acquisition or merger by a public firm, fall under SOX scrutiny, so that the surviving firm remains compliant.

What are the requirements of SOX?
Sarbanes-Oxley is a broad act that addresses a number of accountability issues. The most relevant requirements of the law are the following:
  • CEOs and CFOs must attest to the accuracy of financial statements and disclosures in the periodic report. (Section 302)
  • Companies are responsible for having adequate internal control structure and procedures for financial reporting. Management must assess these internal controls. (Section 404)
  • Companies must provide real-time disclosures of any events that may affect a firm's stock price or financial performance within a 48-hour period. (Section 409)
  • Companies must protect and retain financial audit records. (Section 802)
Related SEC releases define internal controls and procedures for financial reporting as controls that provide reasonable assurance that:
  • Transactions are properly authorized.
  • Assets are safeguarded against unauthorized or improper use.
  • Transactions are properly recorded to permit the preparation of financial statements that are presented in a manner consistent with GAAP.
To meet the assessment requirement, management must select a suitable, recognized framework for assessing the effectiveness of internal controls. Two popular control frameworks are COSO (Committee of Sponsoring Organizations) and COBIT (Control Objectives for Information and Related Technologies). COSO focuses on controls for financial processes, and COBIT focuses on IT.

How do companies comply with SOX?
The combination of the various SOX requirements means that CEOs and CFOs must attest to having the proper "internal controls" at their companies to protect against data tampering. The data protection requirements for data center infrastructures include:
  • Guaranteed, no-excuse access to information
  • Processes and controls to ensure access to information
  • Separation and protection of information before it is widely disclosed
In short, complying companies must ensure the long-term retention, security, integrity, and availability of data. They must also ensure the authenticity and integrity of data in motion.

What are the penalties for SOX non-compliance?
The SEC has directed national securities exchanges and associations to prohibit the listing of securities of a non-compliant company. If material non-compliance causes the company to restate its financials, the CEO and CFO forfeit any bonuses and other incentives received during the 12-month period following the first filing of the erroneous financials. SOX takes specific note of violations involving destruction or falsification of documents or records related to any federal investigation or bankruptcy proceeding. Personal penalties range from fines of up to $1 million to prison sentences of not more than 20 years for whoever knowingly alters, destroys or mutilates any record or document with the intent to impede an investigation.

How does CipherOptics help?
When you need to encrypt your data in motion, CipherOptics makes it easy. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today's networks.

Our solutions combine standards-based, wire-speed encryption appliances with CipherEngine, the only policy definition and key distribution technology designed for multi-node networks. Together, they give you the highest level of data protection at the lowest total cost. CipherEngine gives you the power to protect data in motion wherever, however and whenever you want, without changes or disruptions to your network, your infrastructure, or your operations.

To see just how easy it can be to comply with the Sarbanes-Oxley Act, call 1-877-878-6655 or feel free to ask us a question.
