Data Protection Regulation:
This white paper focuses specifically on Sarbanes-Oxley Act (SOX) regulations relevant to data protection, and describes both best practices and automated tools used by today's leading storage managers and backup/recovery teams to meet the mandates of SOX. Information has been drawn from real-world SOX audit experiences and demonstrates how leading companies are benefiting from the use of data protection management software to streamline compliance-related testing and demonstrate documented control over data protection.
Much has already been written about the Sarbanes-Oxley Act of 2002 and its intent to hold public company executives accountable for the accuracy of their company's financial reporting processes and data protection. Sarbanes-Oxley was enacted to help regulate data protection in an effort to avoid the corporate malfeasance and much-publicized accounting scandals of U.S. companies like Enron, WorldCom and HealthSouth. It holds companies to a high standard of corporate governance, risk management, communications and compliance with data regulations. This set of standards is commonly referred to as GRC (governance, risk management and compliance).
Section 404 of the SOX legislation is most relevant to IT organizations, including the storage management and data protection functions, as it requires corporate management (executives and a financial officer) to take:
In addition, to comply with SOX, data protection management teams must make a written annual statement available that proves internal control over financial reporting is effective and reports any "material weaknesses" or deficiencies in the effectiveness of any of the company's internal controls surrounding financial reporting. Fines, and even more severe consequences, may await executives whose companies are consistently unable to meet SOX regulations.
About SOX Frameworks, IT and Data Protection Legislation:
"While Sarbanes-Oxley is financial legislation, at its heart it is about ensuring that internal controls or rules are in place to govern the creation and documentation of information in financial statements. Since IT systems are used to generate, change, house and transport that data, CIOs have to build the controls that ensure the information stands up to audit scrutiny."
Company compliance officers, internal auditors and IT organizations often use two commonly accepted frameworks, COSO (Committee of Sponsoring Organizations) and COBIT (Control Objectives for Information and related Technology), to help them translate SOX into an actionable plan for compliance.
Data Protection Act Regulations:
The COSO framework, developed by the Committee of Sponsoring Organizations of the Treadway Commission, has been widely referenced by both the SEC and the U.S. Public Company Accounting Oversight Board (PCAOB) as the prevailing standard for further interpreting the meaning of SOX legislation.