Sarbanes-Oxley (SOX) Act Compliance

Sarbanes-Oxley (SOX) Act Compliance

The Sarbanes-Oxley (SOX) Act of 2002 legislates how long and the manner in which companies store their financial records. Created largely in response to the Enron and WorldCom scandals, the SOX act is designed to safeguard against accounting errors and other illegal financial activities. In placing a more rigorous requirement on financial reports the storing of the records becomes vitally important because the trail of transactions must be secure.

The act specifically states that electronic records must be saved for at least five years to ensure that the auditors and other regulators can easily obtain requested documents.

The regulated companies in choosing a storage method will therefore look to a format that will insure it can satisfy the legal requirements of the SOX, i.e. the increased use of online remote data storage facilities / programs.

As an online data storage facility, IDrive is not privy to the contents of the information stored for a client. The customer must maintain responsibility for ensuring that it is in compliance as to what information is being kept and who in the organization (including independent auditors) has access. IDrive is only responsible for the availability and security of the information being stored and has put safe guards in place to ensure appropriate quality control standards.

IDrive assists with SOX compliance in the following manner:
  • The data files backed up are encrypted on transfer and stored using AES 256-bit encryption and automatically decrypted during restores. The encryption is based on the private encryption key so that the data stored on IDrive servers cannot be decrypted by anybody other than you or a designate
  • Your files are logged with a date and time stamp each time they are accessed
  • All backups are immediately available from the web
  • Data remains on the IDrive servers for as long as you want to retain it


  • IDrive cloud backup offers the choice of employing private encryption which is known only to the user and not stored on IDrive servers, in addition to default encryption. Explore the distinction between private and default encryption here.
  • Google Workspace Backup and Microsoft Office 365 Backup employ industry-standard default encryption protocols to ensure secure data storage.