How to Comply with Sarbanes-Oxley Section 802

Miguel Veliz, Front-Line Support Engineer at IPRO

Most of us have a junk drawer (or maybe even a closet!) in our home. It’s a place to store items that we know we need to keep, but we don’t know where to place them. If we’re not careful, the junk drawer can get so full that it won’t close properly, we forget what we have in it, and it becomes impossible to find anything.

At that point, we must spend a lot of time and energy sorting through the mess and finally putting things where they belong. Firms can face similar challenges when thinking about records retention for Sarbanes-Oxley Section 802.

While it’s easy to try to save everything to avoid compliance violations, document storage can turn into one big junk drawer for the entire company.

Not only does it put accessibility and retrieval of required information at risk, compliance violations could occur. Firms must observe various statutory considerations when establishing recordkeeping policies, including Sarbanes-Oxley (SOX) 802, which sets forth a variety of document maintenance requirements.

Previously, only accounting records, contracts and other legal documents had record retention guidelines. After SOX became effective in 2002 as a result of a number of accounting scandals during that time period, nearly every document became subject to rules and regulations regarding specified periods of retention, including, emails, chats, internal memos and voicemails.

Requirements vary depending on the nature and purpose of the records and can be very complicated to decipher. The rule states that all records “relevant to audit or review”, including documentation inconsistent with audit findings are required to be maintained for at least seven years.

Records that have minimum retention periods include the following, but are not limited to:

Accounting Records 7 years
Audit Reports Permanently
Contracts and Leases Permanently
Employee Records Permanently
Invoices 5 years
Training Manuals Permanently

To make matters worse, SOX 802 also imposes penalties, including up to 20 years of prison time, for altering, destroying or falsifying records and documents under certain circumstances. These reasons alone indicate why it is so important to establish the right recordkeeping policies and procedures with a firm.

Archiving is different from basic digital storage because it establishes a set of rules and procedures for scanning, indexing and archiving documents.

Legal archiving takes this concept a step further to consider various regulatory requirements related to the security, accessibility, version control, and integration of documents. Various compliance considerations related to record retention, document maintenance, and destruction are an essential part of the process.

In fact, if done correctly, legal archiving can replace all hard copy documents, allowing for the safe destruction of paper files altogether. Security is a critical piece of legal archiving, allowing records to be retained while adhering to privacy laws and security best practices.

Technical measures such as encryption, container files and appropriate back-up & disaster recovery plans allow for the utmost security over all confidential and privileged customer information and valuable internal communications.

A Neat Solution for Sarbanes-Oxley Section 802

Legal archiving is clearly the best answer to many record retention challenges. Starting with a clean slate, firms can organize records in a way that makes searchability and accessibility a top priority, while ensuring safe and secure storage. Companies can store documents while setting limits on access and editing properties, essential for an adequate paper trail.

Regulatory requirements can always be a lead driver when setting the parameters and rules used during the archival process to ensure compliance with applicable laws. Legal archiving is a long-term solution to ensure that documents remain accessible and secure for as long as necessary.