Sarbanes-Oxley Compliance
Much of the legislative vernacular used to describe SOX compliance is vague and non-specific; this gives governing bodies a great deal of latitude to argue that entities may be
out of compliance if their solutions are not of a proper standard (Section 404 does not specify the methods to be used or procedures to be performed in an evaluation of
internal controls). This ambiguity has allowed virtually all vendors of online backup to claim their solutions are SOX compliant when, in fact, their implementation may put
your organization at risk. For instance, many online backup providers will automatically delete the backup file on their servers when deletion occurs on the client side.
Gillware Data Services offers true protection; simply deleting a file on the client side does nothing to the server-side archived backup. Great care must be taken when choosing
an online backup vendor.
The following few paragraphs restate portions of the Sarbanes-Oxley legislation that are relevant to data backup. These are followed
by a discussion of how Gillware can help.
The Rules
Section 103(a)(2)(A)(i) - Retention
Prepare and maintain, for a period of not less than 7 years, audit work papers and other information
related to any audit report, in sufficient detail
to support the conclusions reached in such report.
Section 105(b)(2)(B) - Production
Require the production of audit work papers and any other document or information in the possession of a registered public
accounting firm or any associated person thereof, wherever domiciled, that the Board considers relevant or material to the
investigation, and may inspect the books and records of such firm or associated person
to verify the accuracy of any documents or information supplied;
Section 301(4)(A)(4) - Complaints
Each audit committee shall establish procedures for (A) the receipt, retention, and treatment of complaints received by the
issuer regarding accounting, internal accounting controls, or auditing matters;
Section 802(a) - Penalties
Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document,
or tangible object with the intent to impede,
obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or
agency of the United States or any case filed
under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned for
not more than 20 years, or both.
Section 404 - Assessment of internal control
- Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material
misstatement risks;
- Understand the flow of transactions, including IT aspects, sufficient enough to identify points at which a misstatement could arise;
- Evaluate company-level (entity-level) controls, which correspond to the components of the COSO framework;
- Perform a fraud risk assessment;
- Evaluate controls designed to prevent or detect fraud, including management override of controls;
- Evaluate controls over the period-end financial reporting process;
- Scale the assessment based on the size and complexity of the company;
- Rely on management's work based on factors such as competency, objectivity, and risk;
- Conclude on the adequacy of internal control over financial reporting.
How Gillware Can Help
- Gillware Data Services' online backup solution creates an automated, secure, offsite backup of critical data; deletion of files from the client system has no effect
on the archived data. Gillware Data Services can adhere to any organization's file retention policies. (Rare in online backup)
- Gillware Data Services' revision retention feature can be configured to retain a limitless number of data restore points. (Rare)
- Gillware Data Services' virtual server acts like a local hard drive with the exception of a delete feature. Restoring files is both easy and intuitive using the Windows
Explorer environment. (Common)
- Gillware Data Services' online backup solution can be configured to provide true, point-of-origin data backup and is easy to deploy on desktops, laptops, virtual
machines, and server configurations. The client-side software generates a unique archive ID and encryption key during each installation. A license key and
password provided by Gillware Data Services are also required at that time. (Common)
- Gillware Data Services' installation wizard will automatically back up any Outlook data files on any local or remote computers by accepting the default installation
settings. Installed on an Exchange server, the software can be configured to back up files while in use and create an offsite archive of your organization's Exchange
database files. (Rare)
- Gillware Data Services will provide your organization a solid foundation for internal process control, record retention, alteration and destruction. (Common)
- Gillware Data Services' unique auditing feature allows our technicians to ensure your critical data is consistently archived. Audit logs are used to review previous
backups, unsuccessful backups, errors and warnings. That information is cross-referenced against data currently, previously, and not marked for backup. (Totally
unique and imperative)
- Gillware Data Services hosts its servers in world-class data centers complete with power backup through data-grade UPS (150kVA Liebert Series and diesel
generator; tested weekly), dry fire suppression (FM200 system), 20 tons of cooling, 24/7 security monitoring, electronic security card access, security cameras
and glass break detection. Connection to the internet is provided by TDS and protected by SONET infrastructure. The service is not dependent upon any one vendor: there are multiple
connections to the internet and an OC48 infrastructure between sites in Madison, Chicago, Atlanta and New York City, as well as GigE connections to peering
locations in Washington DC and Palo Alto, CA. Burstable bandwidth up to 200Mb. (Somewhat unique, although the speed of our backups is without equal)