Sarbanes-Oxley (SOX) Compliant Cloud Backup
- White Paper: Achieving Regulatory Compliance with Data Backup and Recovery
- White Paper: The Three Cs of Data Protection
The Sarbanes-Oxley Act (known fondly as SOX) is designed to validate the internal controls of any publicly registered company under the jurisdiction of the Securities and Exchange Commission (SEC). The Act specifies several requirements, including quarterly certification of financial results (Section 302) and internal controls over financial reporting (Section 404). The requirements of Section 404 make SSAE 16 (formerly SAS 70 type 2) audit reports even more instrumental to the process of reporting on internal controls. In fact, SOX adopted the model of controls established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which is the same model that SAS 70 (SSAE 16) audits have used since inception.
Your Service Provider’s SSAE 16 Certification Ensures Your SOX Compliance
SOX identified a SSAE 16 (SAS 70) Type 2 report as the only acceptable way for a third party to approve a service organization’s controls. This means that while Symform, as a service provider, does not have to be SOX compliant itself, its SSAE 16 compliance ensures your compliance with SOX.
Symform and the Sarbanes-Oxley Security Controls:
While much of SOX focuses on financial controls, it also covers security and IT compliance measures, to ensure that financial information and other data is protected and properly managed. Symform’s secure, decentralized architecture is significantly more secure than other online or on-premise data storage and backup solutions.
Symform Supports Key Areas of IT Security and Compliance Under SOX
- Identity Management
- Policy-Based Access Controls
- Strong Authentication
- Data Protection
- Data Recovery