Data Retention _and_amp; Disposal Policy 1738
-
Hi All,
I am in the process of updating our very outdated ‘Data Retention and Disposal Policy’ Does SOX state how long you are required to store sensitive information ? Are there specific measures that need to be taken to dispose of this data ?
I know i am pushing my luck here, but does anybody have a good template i could use to create the policy - i want to get rid of the old one completely as our company has changed names since then and we have grown.
-
you will havew to maintain documents for sox and financial data for a period of 7 years. This comes from the PCAOB’s Audit Standard 3.
-
you will havew to maintain documents for sox and financial data for a period of 7 years. This comes from the PCAOB’s Audit Standard 3.
PCAOB standards apply only to external auditors. However, the SEC also requires that information supporting filings be retained for a minimum of seven years. Other information not supporting your SEC filings could have different retention periods. You should work with your company legal team to agree on the retention periods for various types of data.
-
This thread discusses document retention and might be worthwhile to review:
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1739
-
I am performing an imaging tool audit. I want to know if SOX or another regulation states how long is required to preserve the hard copy of the accounting record after it had been imaged.
-
Hi and welcome to the forums
Based on my reading a 7 year retention period is the safest form of retention for all SOX related documents. One link mentions a minimum of 5 years, 'from the end of the fiscal period in which the audit or review was concluded (which realistically might end up being 6 years).
Some past links are noted below:
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-p=5948#5948
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1886