
Practical IT systems for dealing with SOX Compliance for Small and Medium Business

June 19, 2008

Sarbanes-Oxley is seen by many vendors as the next big opportunity to sell equipment after Y2K. This, at least, is the perception among many corporate IT managers. Companies need to review their storage infrastructure and procedures; this means opportunities for new products, as well as for updates of existing systems.

In terms of software, companies need to find solutions that provide auditing of access to storage, access to specific records in storage, and verification that stored records have not been altered. Backup and storage companies are developing systems for documents and records as well as for e-mail, which presents special difficulties.

Technology is critical for compliance. There is now a wide range of software available from point solutions to platform-level solutions that adapt infrastructure designed for other purposes, including business process automation, document management, financial management, or storage management.


Point solutions are specifically focused on Sarbanes-Oxley, provide depth of coverage, and may be appropriate for the first year of compliance in order to put a framework in place and ensure that deadlines can be met.

Platform solutions provide breadth and may serve as infrastructure supporting broader compliance and risk management objectives. For the long term, an infrastructure level approach is likely to be required.

Short-term compliance packages generally provide a methodology framework, project management, workflow review and approval, documentation management, ad hoc reporting, and integration with third-party reporting tools. In themselves, they can only aid in the process and provide a starting point for a continuing effort. Specialist point solutions include:


Handysoft SOXA Accelerator.

Movaris Certainty.

Nth Orbit Certus.

OpenPages Sarbanes-Oxley Express.

Paisley Consulting Risk Navigator.

However, the initial rush toward “point solutions” specifically designed to manage Sarbanes-Oxley compliance is largely over. Companies need to put long-term solutions in place that address not only Sarbanes-Oxley, but also the other regulations that might come into play. Solutions need to be able to withstand an external audit, and IT managers will need to be able to verify that appropriate solutions are in place. Long-term compliance will require platform-level solutions with direct linkage to ERP and process modelling tools. Platform-level solutions include:


Oracle Internal Controls Manager.

PeopleSoft Enterprise Internal Controls Enforcer.

SAP Management of Internal Controls (MIC).

SAS Institute’s Corporate Compliance for Sarbanes-Oxley.

Documentum-EMC Corporate Compliance and Governance Edition.

FileNet Compliance Framework.

IBM Lotus Workplace for Business Controls and Reporting.

Microsoft Office Solution Accelerator for Sarbanes-Oxley.

OpenText Livelink for Corporate Governance.

Stellent Corporate Governance Solution.

In addition to general document storage, special attention must be paid to message storage and archiving. A number of storage solutions are available specifically to solve the e-mail storage issue, such as MessageArchive by IntelliReach, as well as systems by KVS, Zantaz, iXOS, and AXS-One for Microsoft Exchange. Other solutions are available for Lotus Notes and UNIX.

In terms of hardware, no specific technology is favoured, but the most obvious solution is the use of WORM tape, optical media, and data cartridges. Storage must now be tamperproof. WORM provides built-in protection against rewriting. If more information is to be added, it is appended to the media, thus retaining the original data and organization. WORM tape drives are highly efficient and swift. Optical disks, which also provide WORM technology, have restricted capacity and performance, and have a relatively high cost per megabyte of storage. WORM tape drives currently provide capacity of up to 1.3 terabytes and performance of up to 280 gigabytes per hour.

Solutions are now available from Sony and Quantum. The Sony solution is a WORM-enabled Super-AIT (SAIT) and AIT (Advanced Tape Technology) tape drive. These drives use special cartridges, with WORM capability added through firmware stored in the cartridge Remote Memory-in-Cassette chip. The drives themselves accept both WORM and standard read/write tape media. The WORM tape media storage will also last for about 30 years, which is sufficient to meet most storage requirements.
