Demonstrate SOX compliance with WordSecure: The easiest way to send information securely.

Helping Achieve SOX Compliance with Secure Messaging

Secure email messaging has arrived. While email has evolved as a business-critical application in the last 20 years, regular email is not secure or confidential enough to meet today's business challenges. The secure messaging solution WordSecure is helping businesses – including those that need to comply with SOX – to communicate securely.

The highly publicized financial scandals of corporate giants such as Enron and Worldcom, amongst others, have had profound implications for the business world. In the wake of these scandals, the Sarbanes-Oxley Act (SOX) was passed in 2002 with the aim of establishing new standards of accountability for businesses. In other words, SOX put in place guidelines or rules that business organizations were expected to adhere to, thus crafting a SOX compliance policy.

Understanding SOX Compliance

SOX compliance is intended to restore the trust of the general public, and of investors in particular, in the U.S. financial markets by requiring companies to put in place internal controls that ensure the reliability of all financial data. In fact, Sarbanes-Oxley compliance requires businesses to conduct regular compliance audits and report on the effectiveness of these internal controls on proper financial reporting. Internal controls ensure that the confidentiality, availability, access to, monitoring and reporting of customer or corporate information is handled properly at all times. SOX compliance, in turn, ensures that effective internal controls are in place at all times, thereby assuring integrity of financial information.

For SOX compliance, companies must be able to show through their compliance audits that

Section 404 in the Sarbanes-Oxley Act specifies how the internal controls are to be enforced in companies. First, the company has to show that an effective internal control structure is in place and that proper procedures for accurate and complete financial reporting are being followed. Second, the company must carry out an annual assessment of the effectiveness of these internal controls through a compliance audit – an assessment that has to be documented and later validated by a registered public accounting firm.

Sarbanes-Oxley compliance is a must for all publicly traded companies in the United States and all publicly traded non-US companies that do business in the United States. In addition, private companies that are planning their initial public offering (IPO) might be required to comply with certain provisions of Sarbanes-Oxley. Over the years, though, Sarbanes-Oxley compliance has emerged as a yardstick by which to measure the transparency, reliability of financial data and operational integrity of a company. It is not surprising then that SOX compliance is being followed in many non-mandated companies as well.

Role of Secure Email in SOX Compliance

Though Sarbanes-Oxley compliance might seem to affect only the financial side of a company, since virtually all corporate information is now electronic, SOX compliance is also forcing companies to look at how all their electronic data is being handled and to ensure that this data is properly secured.

Most of the financial information that is created, stored and transferred in companies today is handled electronically. The IT departments of these companies maintain the financial information and put in place practices and procedures to ensure its integrity. In general, sound IT practices would include formulating information security policies and then implementing them for employees at different levels. These policies would cover a broad range of issues related to electronic data such as encryption, authentication, logging, monitoring, alerting, incident response, network security, access control and many more. The aim of these policies would be to ensure security of this information and data during storage and transport, to ensure the integrity of information and data retention, as well as to enable regular compliance audits.

Obviously, secure email communication plays a very important role in Sarbanes-Oxley compliance. Today, email is the main tool for internal and external communication for companies and as such has become a critical business application. By putting in place effective email controls, companies will not only ensure SOX compliance, but will also provide greater security for the information that is being transferred through email.

Companies therefore have to look at secure email solutions that will ensure that internal controls are not compromised and that there is complete control over access to the company's confidential information that is stored in an electronic form. This would include access during the transport of the information through email or access to any static information that could be residing on a remote site. A secure email system will ensure appropriate control over who accesses the data, and more importantly, provide complete security for the information or messages that are being shared. Such a system should have:

  • Secure remote access capabilities that allow only authorized users to remotely access the messages, while unauthorized users are denied access.

  • Encryption capabilities for the secure and authenticated delivery of email messages to ensure the confidentiality of the messages.

  • Archiving capabilities for incoming, outgoing and internal communications to meet the record retention requirement of SOX compliance.

For many years, companies addressed the various email security concerns and requirements by using a combination of software solutions. However, with adherence to SOX becoming a priority, companies are looking for one powerful secure email solution that will address their concerns about the security of data transfer and also help them with SOX compliance.

Helping Businesses Achieve SOX Compliance

WordSecure is a fast, secure messaging technology that helps companies, their clients, employees and associates exchange encrypted messages as well as encrypted files and confidential information such as financial or other important business data. WordSecure's encrypted and authenticated delivery of email messages is one of the important requirements for a business's SOX compliance.

WordSecure is a web-based solution and as such can integrate seamlessly with a company website. It is affordable and easy to use, and there is no additional software to install or learn. This eliminates the need for the company to have in-house IT expertise to install the software or to train employees to use it. Within just a few minutes of purchasing the WordSecure TurnKey version, employees and clients of a business can use it to start exchanging secure messages. WordSecure also has an Enterprise version that allows businesses to archive messages for a period of six years. This way, WordSecure's archiving capabilities meet the record retention requirement of SOX compliance.

Getting started with WordSecure is very simple. Once your company buys a WordSecure plan, you can invite clients to sign up for the new WordSecure business account. Your client authenticates the WordSecure connection and is ready to start receiving messages through WordSecure. The next time you send a message to that client, it is stored securely within the WordSecure SSL-encrypted environment. WordSecure immediately sends your client a notification email about the stored message – the client can then log in and retrieve the message immediately.

If you're looking to meet SOX compliance requirements for your business, acquiring a secure messaging solution is the most important step to take; it ensures that the security, confidentiality and retention requirements for electronic messages and files needed for SOX compliance are met.

Copyright © 2007-2011 WordSecure, LLC. All rights reserved.