products solutions support purchase company


The Act

The Sarbanes—Oxley Act of 2002 was enacted to “…protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.” (Preamble to the Act)

Section 302—Corporate Responsibility for Financial Reports, the SEC adopted rules that require the “…principal executive and financial officers each to certify the financial and other information contained in the issuer's quarterly and annual reports.”

Section 404—Management Assessment of Internal Controls, the Securities and Exchange Commission established rules “…to insure an adequate internal control structure and procedures for financial reporting…” Among other things, the SEC rules define "internal control over financial reporting" as including policies and procedures that “…[p]ertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the registrant…”

Section 409 requires rapid disclosure of information concerning material changes in the financial or operational conditions of a reporting company.

How FileSECURE helps

The Sarbanes—Oxley Act generally, and these Sections particularly, demand that businesses maintain controls over the information that underlies SEC reporting.

Effective information management that meets Sarbanes—Oxley requirements include:

• Protection of information in primary databases from unauthorized access.

• Control of access to information based on user need/authorization.

• Control of access to information even when extracted from primary databases and moved to a non-secure environment online or to off line electronic media.

• Control of access to and dissemination of information once it has moved beyond the boundary of the enterprise (for example real time control of disclosure of financial information).

• Tracking of information use and movement to insure information integrity.

Additional Detail

The Sarbanes-Oxley Act (SOA) is comprised of a number of sections, each of which requires action by the reporting (issuing) company. SOA is very long and very complex. It consists of many sections with wording that requires significant interpretation. SOA does not specifically require persistent security of information. Manual methods can be used to implement most requirements at a significant cost. However, many of the SOA requirements can be implemented more efficiently and with less likely failure of compliance with the use of AirZip FileSECURE.

SOA requires that information access be monitored and controlled. SOA requires that records be kept on who prepares certain information. SOA also requires that data repositories be established. The data in these repositories must be protected and access to the information limited to appropriate people. Since the data often describes financial performance of the company, disclosure to the public must be very carefully controlled. To implement such controls, the security and tracking features of AirZip FileSECURE can greatly reduce administrative costs and increase confidence in complying with SOA and other laws and regulations.

Section 302 – Corporate Responsibility for Financial Reports – requires the CEO and CFO to prepare a statement certifying financial statements and disclosures. To accomplish this, sources of information and integrity of content of files must be tightly tracked. AirZip FileSECURE can be used to insure that files are changeable only by specified people and that every access to those files is tracked. This can increase CEO and CFO confidence in the integrity of the information.

Most of the attention thus far has focused on Section 404-Management Assessment of Internal Controls. This section requires that an “internal control report” must accompany an annual report taking responsibility for and assessing the effectiveness of internal controls. This requires that internal processes supported by technology must be vetted on a continual basis. AirZip FileSECURE can be an important tool for managing the security of files in the internal control system.

Only recently has attention been placed on Sec. 409 – Real Time Issuer Disclosures. Section 409 of the Act requires ‘real-time issuer disclosures’ on ‘rapid and current basis’ that may include trend and qualitative information along with graphic presentations. Material changes affecting financial disclosures must be reported on a “rapid and current basis”. Depending on the “material change”, SEC reports may have to be transmitted as quickly as two days after the event. Section 409 states, “Each issuer reporting … … shall disclose to the public on a rapid and current basis such additional information concerning material changes in the financial condition or operations of the issuer, in plain English, which may include trend and qualitative information and graphic presentations, as the Commission determines, by rule, is necessary or useful for the protection of investors and in the public interest.” AirZip FileSECURE can be a valuable tool supporting the rapid confidential communications of information between decision makers during the time prior to a possible SEC report supporting the decision making process determining if such a SEC report is appropriate in each specific case.

With AirZip FileSECURE, risk is reduced by supporting consistent confidential business communications processes throughout the organization. Consistent finance-related information can be made available to top management rapidly without risk of improper disclosure of the information used in decision making processes. AirZip FileSECURE can also support the appropriate retention and elimination of files consistent with laws and regulations.

More about AirZip FileSECURE>>


Information Protection Document Control Operational efficiency
Secure Communications Regulatory Compliance Solutions by Industry