How LiveVault Enables Clients to Comply with Sarbanes Oxley Data Storage Requirements
Requirement: Information cannot be tampered with or altered by any employee
At LiveVault, data is always encrypted with 128-bit encryption, and LiveVault does not have access to the password.
Requirement: Trail of transactions must be discernable and kept in sequence
At LiveVault, all iterations of a document are serialized, not overwritten.
Requirement: Audit trails
At LiveVault, access is date and time stamped by user each time a document is accessed.
Requirement: Information is available only to client’s authorized personnel
At LiveVault, client access is only through authorized personnel with the password.
Requirement: Records must be accessible
At LiveVault, all backups are immediately available 24/7.
Requirement: Certain data must be maintained for not less than 7 years
At LiveVault, data will remain in the LiveVault vaults for as long as the client chooses to retain it. Retention is set during configuration, so once configured the data is automatically stored for that period.
The Sarbanes-Oxley Act (SOX) of 2002 is one of the most important laws impacting public corporations to be passed in many years. The purpose of SOX is to protect investors from a continuation of the many accounting scandals over the past decade. SOX places the onus on companies and registered accounting firms to comply with stringent rules regarding the accuracy and reliability of specific information by strengthening the maintenance requirements for records and the auditing and reporting of those records. Some of the provisions of the Act define what must be maintained, how long relevant material must be maintained, accounting procedure requirements, and the consequences (criminal and civil) for failure to follow the Act. (There is no specific language in the Act about the mechanism or method of storing information.) Because the Act places a more rigorous requirement on financial reports, the storing of the records becomes vitally important: the trail of transactions must be secure. In choosing a storage method, regulated companies will therefore look for a format that ensures they can satisfy the legal requirements of SOX; in other words, they will make increased use of online remote data storage facilities and programs.
Since an online computer data storage facility is not privy to the contents of the information it stores for a client, the facility is not responsible for ensuring that its customer is in compliance with respect to what is being kept or who in the company (including independent auditors) has access, but it is accountable for the availability and security of the information being stored. The online computer data storage facility must have safeguards in place to ensure that its quality control standards include the following:
- That information stored cannot be tampered with (altered) by any employee;
- That the client can ascertain when the information was created (the records kept must allow a trail of transactions to be discernible so that ongoing transactions are kept in sequence);
- That safeguards are in place to ensure that information is available only to the client’s authorized personnel;
- That records are accessible whenever needed; and
- That the facility has the ability to maintain the data for the period stated in the Act. (Section 103 (a) (2) (A) (i): audit work papers and other information relating to any audit report are to be kept for a period of not less than 7 years.)