Sarbanes–Oxley Act of 2002
How it applies relative to Time & Labor Management Systems
Sarbanes–Oxley is a United States federal law enacted as a reaction to recent, major corporate and accounting scandals; namely, Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals cost investors billions of dollars and shook public confidence in the nation's securities markets.
The Sarbanes–Oxley Act of 2002 (Pub.L. 107-204, 116 Stat. 745, enacted July 30, 2002), also known as the 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and 'Corporate and Auditing Accountability and Responsibility Act' (in the House) and commonly called Sarbanes–Oxley, Sarbox or SOX, is a United States federal law enacted on July 30, 2002. It is named after sponsors U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley (R-OH).
Disaster Recovery-SOX Compliance:
Primarily, SOX details what must be reported from a financial view of your corporation, and when those reports must be made. It also details guidelines for internal compliance operations to ensure that these reports can be created on time and accurately. The SOX requirements have serious implications for your Disaster Recovery (DR) planning.
SOX clearly states a harsh set of fines and other punishments for failure to comply with the law; however, it doesn't offer any leeway when it comes to being unable to meet your requirements due to a disaster or other data-loss event. You must be able to file your reports and have the data to back them up, no matter what else may be going on in the organization or its data center.
The bottom line is that even in the case of large-scale disasters, your company could be held liable if you cannot meet the requirements of the regulations.
Corporate emails:
All e-mail backups are also included under the SOX DR plan. In an investigation, e-mail messages must be archived in their original form (including servers of origin and outgoing servers), which may reduce the potential liability for e-mail communication.
An Automated Approach with Attendance Enterprise
As Sarbanes–Oxley primarily deals with Security and Disaster Recovery relative to Software Applications, Attendance Enterprise will assist with SOX Compliance.
- SQL Database has its own security layers
- Users only access the Application
- SQL has “built in” scheduled database backups or 3rd party such as VERITAS Agent for SQL Server.
Attendance on Demand, the “hosted” Attendance Enterprise, or SaaS (Software as a Service) also assists with SOX Compliance.
- Multiple highly secure facilities with a redundant, fault-tolerant environment
- Crucial scheduled database backups every 4 hours
- Rigorous Certification: SAS 70 Type II*
*The 6-month certification process, known as Statement on Auditing Standards (SAS 70) Type II, was created by the Securities and Exchange Commission under provisions of Sarbanes-Oxley. It requires that controls are in place to ensure a secure environment for ANY & ALL financially related data for organizations. This rigorous third-party report demonstrates that AOD can protect sensitive data in the hosted environment.
The auditor's report is issued through guidance established by the American Institute of Certified Public Accountants (AICPA), which puts the highest scrutiny on a company’s controls and processes including: Security, Infrastructure, Process Control, Software Change Control, Reliability, and Quality.
Conclusion
Sarbanes–Oxley requires that controls are in place to ensure a secure environment for ANY & ALL financially related data for organizations, for Software Applications installed on site or “hosted” at a secure server facility. Attendance Enterprise and Attendance on Demand will assist with SOX Compliance by ensuring secured access and providing SQL backup utilities (built-in or 3rd party).