There has been a lot of talk recently about the Sarbanes-Oxley legislation in the US and what it means for business.
This shouldn’t surprise, given that the new legislation also applies to Australian branches of US-based companies.
All manner of IT vendors have represented Sarbanes-Oxley as something draconian, claiming that their products are sure-fire solutions to help manage the issue.
In reality, Sarbanes-Oxley does little more than formalise what well-managed companies have practised all along: a responsible approach to the classification and careful retention of business information.
Whether it be information that might be needed again in an hour, or information that might not be needed for a year, companies have a responsibility to shareholders, employees and customers to ensure they can retrieve data as necessary.
Sarbanes-Oxley makes that mandatory: the US administration never again wants to face the criticism following the Enron, WorldCom and other scandals.
Senior executives and their employees now risk jail if they destroy information.
So how does the executive exposed to this problem address it? Clearly, different types of organisations will have different solutions, but a good standard to adopt is the one laid down by the Securities and Exchange Commission for financial institutions (Reg 17a-4), which says that:
- All information must be stored in a way that precludes it being altered or erased
- The data recording process must be capable of being verified for quality and accuracy
- Records must be serialised and date and time-stamped
- Duplicates of all records must be stored separately from their originals
- Records must be capable of being accessed by third parties
- And they and their indexes must be capable of being downloaded
They need technology that has built-in WORM (write-once, read many) facilities that cannot be overridden in the future. Not even by the boss!
Harry Christian is the marketing and alliances manager, South Asia, for Network Appliance