How Does The Sarbanes-Oxley Act Impact Record Storage?
You know that as a company you must keep records for a certain period of time. Compliance acts and laws are put into place to protect the public, stakeholders, the employees of the company, and the company in general.
Failure to comply with laws like HIPAA or Sarbanes-Oxley could result in fines, the company shut down, and possibly even jail time for those directly responsible.
You may think that these laws don’t apply to you for one reason or another, but if you take a look at the Sarbanes-Oxley Act (SOX), you will quickly find that any public company MUST follow these guidelines.
So what does this mean for your company and record storage? Don’t worry; we’ve got it all covered for you in this article.
What Is The Sarbanes-Oxley Act?
Enacted by George W. Bush in 2002, the Sarbanes-Oxley Act was put into law to protect investors and stakeholders from fraudulent accounting and financial practices by corporations.
The Sarbanes Oxley Act was created because, in the late 1990s and early 2000s, massive corporate scandals tricked stakeholders and inflated stock prices. Companies like Enron and WorldCom were at the head of these scandals, spurring the government to take action.
The government wanted to ensure that nothing like this ever happened at this scale again, and thus the Sarbanes-Oxley Act was born.
Sarbanes-Oxley is named after the 2 government leaders who wrote the bill, Senator Paul Sarbanes (D – MD) and Representative Michael D. Oxley (R – OH – 4).
The main requirements of the Sarbanes Oxley Act are:
- Corporate Responsibility – CEOs and CFOs must acknowledge that they are responsible for the documentation and accuracy of financial reports.
- Internal Controls Report – This report states that management is responsible for controlling financial records and reporting; errors or faults must be reported up the chain of command.
- Data Security Policies – These are formal and strict policies that must be upheld to protect all financial and confidential data.
- SOX Documentation– This is documentation that proves that the company upholds this act and is consistently in compliance.
- Record storage and retention – Store documents in an organized and indexed, and searchable manner for specific periods of time.
Sarbanes-Oxley Record Storage? What Is This?
To meet the requirements of the above, yearly and random audits must be conducted. Therefore all financial and corporate documents must be kept and stored for a certain period of time.
There are different data/storage retention periods for various documents, which can get overwhelming, so here is a quick breakdown of how long records should be stored.
Seven Year Retention:
- Accounts payable & receivable ledgers
- Product inventory
- Business expense records
- Payroll tax records
- Bank statements
- State sales tax information and returns
- Earning records
Five Year Retention
- Invoices to customers and from vendors
- Purchase orders
- Sales records
- Salary records
- Accident and unemployment reports
Three Year Retention
- Credit card receipts
- Employment applications
This list seems overwhelming and can fill up a filing cabinet or computer data storage quite quickly, especially if you run a large company.
So how do you store all of this information? Well, there’s a section of Sarbanes-Oxley that describes how the date/documents should be stored.
Documents and data must be:
- Tamper-proof, permanent-word protected, and read-only
- Able to be audited by a third-party
- Thoroughly organized, indexed, and searchable
Again, this can be overwhelming, and that is where we, Docu-Trust, can help!
Pro Tip: Read our most recent article on the best ways to store data long-term!
Store Your Data & Documents With Docu-Trust
Don’t get caught out of compliance and risk fines and possible jail time due to significant accounting errors and fraudulent activity; store your documents and data safely at our secure Docu-Trust facility! Our previous article, “What Makes Docu-Trust Different?” lays out all of the reasons why storing your confidential and vital information with us is the right way to go!
We follow all HIPAA and Sarbanes-Oxley compliance laws and other compliance and safety regulations surrounding data, destruction, and protection.
We enjoy serving California, Arizona, and Nevada businesses and look forward to helping you keep your business in compliance and your document protected!