sox-compliant-seal-content-central-logo
parallax layer

Sarbanes-Oxley Act (SOX) and DMS

The Sarbanes-Oxley Act, (or SOX), also known as the Public Company Accounting Reform and Investor Protection Act of 2002, was enacted in response to a number of major corporate and accounting scandals, like Enron and WorldCom. In response to these scandals, SOX legislation imposed new reporting and record-keeping requirements on all publicly-traded companies mandating that executives of those companies take personal responsibility for the procedures and integrity of the company’s financial reports and data.

As a result of these stringent rules and subsequent accountabilities, most company executives look for software solutions like document management software to automate and streamline their internal financial reporting and processes while ensuring they meet compliance.

Compliance

SOX is organized into 11 sections, though Sections 404 and 302 are the biggest areas of focus when looking at a software purchase.

Section 404

requires management to take responsibility for the integrity of financial information by evaluating IT systems and processes and then producing evidence that the company has done a reasonable job in keeping sensitive information safe.

Section 302

requires that the CEO and CFO issue periodic statements certifying that adequate controls are in place for the protection of financial information in the organization.

Ignorance of a vulnerable system is no longer a defense since CEO’s and CFO’s are now personally accountable for this information. Finally, to be SOX compliant, the company must have regular external audits that ensure that data is accurate, unaltered, and that it offers a true representation of the company’s financial position.

Software Requirements

To comply with the requirements of SOX, you’ll be looking for a flexible software system that simplifies record-keeping and management of documents throughout the lifecycle of the financial reporting process.

Many organizations struggle understanding SOX compliance requirements since there are no easy-to-read checklists to follow. Let’s take a look at compliance requirements as they pertain to software keeping in mind that they are centered around the necessity for appropriate filing and retention of financial documents, as well as the preservation of audit records.

Access Controls

Access must be controlled to protected financial data via means like unique user-rolls and user-based permissions. All points of access to data, (database, file, folder, etc.), must be appropriately restricted to only provide access to those that are permitted.

contentcentral-tip-icon

How Does Ademero Measure Up?

With Content Central, each user is unique and can be configured to automatically logoff after a set amount of inactivity.

Also, Content Central administrators have full control of user-based permissions so your users only have access to data they need.

Auditing & Logging

Audit controls monitor activity on software systems that contain protected information. The ability to monitor logon and logoff activity, file access, updates, edits, and any security incidents are the main features required for compliance. Common tools that provide this functionality include

are the main features you’re looking for in your software to meet compliance and must be as close to real time as possible to be useful. You will also need a policy in place within your company/office/etc. to regularly monitor using tools provided in the software; tools like

Tool 1

Document History - including updates, edits, etc. to any document

Tool 2

Event Logging - including user access, incidents, etc. system-wide

Tools and features could be named differently depending on your software solution but must cover these basic needs outlined above so administrators can easily view a document or system’s historic data for audits.

contentcentral-tip-icon

How Does Ademero Measure Up?

Ademero‘s detailed system auditing and event logging allows you to track logon and logoff activity, file access, updates, edits, and helps you identify potential security incidents before they happen.

Each document has it’s own extensive auditing through our Document History that monitors other common file tasks as well like copying, checking in and out, downloading, and more.

Integrity

Ensuring the integrity of the financial data is the goal, so software should provide evidence that data has not been modified or altered.

Confidentiality

Confidential information cannot be exposed to unauthorized entities. Features like Encryption and Decryption, Automatic User Logoff, and Unique User Login and Passwords help ensure compliance is easily met.

A unique name and/or number for identifying and tracking user identity

Unique User Identification

A unique name and/or number for identifying and tracking user identity

Automatic termination of an electronic session after inactivity

Automatic Logoff

Automatic termination of an electronic session after inactivity

The conversion of data from a readable to an unreadable format and back again.

Encryption & Decryption

The conversion of data from a readable to an unreadable format and back again.

contentcentral-tip-icon

How Does Ademero Measure Up?

Data security is one of the top reasons users choose Ademero. Whether files are at rest or in transit, data is encrypted with tools like SSL and protected against unauthorized intrusion.

Availability

Since authorized individuals must be provided access to financial data, considerations for compliance with this requirement go beyond the ability of software alone. Physical safeguards like data backups and facility security are considerations that must be applied to meet compliance.

Change Management

The U.S. Securities and Exchange Commission, (or SEC), must be notified of any material changes to the process that governs the flow of financial data. Software that features System Event Logging can make this process exponentially easier by providing a reliable and tamper-resistant way to provide data to the SEC.

Keeping it Simple

The hardest part about SOX is knowing exactly what it takes to meet compliance with whatever software you choose, but it doesn’t have to be. It’s actually pretty easy from the software side, which should help you narrow in on the one you want to purchase pretty quickly. When you boil it down, SOX requires publicly-traded companies, (or those planning to become public), to:

• Establish a financial accounting framework that can generate financial reports that are readily verifiable with traceable source data.

• Source data must remain intact and cannot allow for undocumented revisions.

• Any revisions to financial or accounting software must be fully documented including what changed, why it changed, when it changed, and by whom the change was made.

When it comes to picking a DMS, there are several features you’ll need in order to meet compliance. Individual software might call these by different names, but in the end, you’ll be looking for features that provide:

Unique User Identification

Password Protection

Automatic Logoff

Transmitting Data Encryption & Decryption

Complete Electronic History of Documents

System Event Logging

Login Monitoring

If you’re using your DMS provider to host your system on the cloud, then you’ll also be looking for the requirements for Physical Safeguards like

Data Backups

Redundant Power Servers

Disaster Recovery Plan

Physical Security

Video Surveillance

Fire Suppressant

Limited Access to Servers

contentcentral-tip-icon

How Does Ademero Measure Up?

Ademero works closely with Google Cloud Platform to provide secure data-center facilities for your documents and information.

Pairing with such a trusted name has significant benefits for our hosted customers like third party auditing, trusted infrastructure and facility controls, and compliance with numerous standards beyond those for SOX Compliance.

When it’s all said and done, you’ll be looking for much more out of your DMS than just an electronic version of a file cabinet. You’re looking for a robust and simple solution that meets all your needs at one low price. One that’s fast to implement, has all the features you need, with a snappy user interface that’s easy to use and understand.

Content Central will keep your office moving with features that do more than just help you meet SOX Compliance. But don’t just take our word for it, give it a try for yourself and see your customized solution in action.

Sign up for a free trial of our Document Management Software today to see just how Content Central works for meeting SOX Compliance.

Sign Up For Free Trial

Sign up for a free trial of our Document Management Software today to see just how Content Central works for meeting SOX Compliance.

Schedule a personalized demonstration today to see exactly how Content Central can help you meet Sarbanes-Oxley Compliance today.

Schedule a Demo

Schedule a personalized demonstration today to see exactly how Content Central can help you meet Sarbanes-Oxley Compliance today.

Learn more about Content Central and how it will help you meet compliance with videos, brochures, and other downloadable information.

There's More to Discover!

Learn more about Content Central and how it will help you meet compliance with videos, brochures, and other downloadable information.