The Sarbanes–Oxley Act (SOX) is a United States federal law that sets new or expanded requirements for all U.S. public company boards, management and public accounting firms and can also impact privately-held companies in relation to federal investigations.
With international trade, many organisations deal with US multinationals and therefore are affected by SOX, although, since the introduction of this Act, almost all other major economies have adopted similar rules.
The introduction of SOX followed major corporate scandals (such as Enron) when apparently sound organisations crumbled almost overnight, leaving investors, creditors and customers embarrassed and out of pocket. To counteract this, the bill defines corporate responsibilities, sets minimum standards for performance and reporting, and establishes clear penalties for misconduct. Managers or Directors are responsible for signing off the presence of adequate control systems.
The penalties for non-compliance with SOX are high. If, in the event of major damage to your organisation, your adequacy statement proves to be inaccurate, you can be fined or imprisoned. The act also entitles companies to claw back bonuses that were achieved on the basis of inaccurate statements.
Special whistle-blower provisions introduce the possibility of up to ten years imprisonment for those attempting to stop news of a data breach leaking to the outside world.
The principal change resulting from this bill is the responsibility of the Board of Directors to check that the company has adequate methods of internal control. This control encompasses everything from protection of existing assets to understanding risk and the competitive landscape. It is the responsibility of the auditors to check that this is in place and operating effectively in accordance with details set out in section 404.
As data loss becomes more expensive, the introduction of internal controls to minimise data loss is critical for SOX compliance.
Boldon James Data Classification products support compliance with SOX by allowing users to identify key data and make decisions about how it is stored and transmitted.
Boldon James Classifier helps you capture the value of the data that your organisation creates or handles. It reduces the risk of data loss and the potential for embarrassment and costly penalties.
Boldon James Data Classification products support compliance with SOX by:
- Clearly identifying information by labelling and protectively-marking data that requires special handling such as ITAR information, the mishandling of which carries a substantial fine.
- Automatically applying visual labels to educate users on your data protection policy.
- Warning the user about, or preventing the user from, sending messages that contain personal information, with alerts highlighting when sensitive data is leaving the organisation.