Sarbox and data backups in the enterprise 399
-
I need to know how Sarbanes-Oxley affects data backup and recovery in the enterprise. Are there specific items relating to data backups and retention of offsite backups?
-
This post is deleted!
-
This post is deleted!
-
Backupman,
SOX sets rules for the disclosure and retention of various types of Corporate data. (financial, accounting, etc…) It does not specifiy, ( Unlike SEC 17a) storage requirements, other than retention periods.
With that said…
SOX (and the enforcers) will not care if you made a valiant effort in regards to data retention. If you cannot bring back data, in a timely fashion, from anytime during the retention period, your company will be held accountable.
Best practices, Sec 17a, HIPAA, dictate a copy of data be stored offiste in an easlity retrievable fashion.
Sarbanes-Oxley Title XI, Section 1102: Tampering With a Record or Otherwise Impeding an Official Proceeding
Makes it a crime for any person to corruptly alter, destroy, mutilate, or conceal any document with the intent to impair the object’s integrity or availability for use in an official proceeding or to otherwise obstruct, influence or impede any official proceeding is liable for up to 20 years in prison and a fine.