Sarbanes-Oxley Act

The Sarbanes-Oxley (SOX) Act of 2002. also known as the ‘Public Company Accounting Reform and Investor Protection Act’ and ‘Corporate and Auditing Accountability and Responsibility Act’, is a United States federal law enacted on July 30, 2002, which set new or enhanced standards for all U.S. public company board of directors, management and public accounting firms.

What are the SOX Data Destruction requirements?

(a) RULES REQUIRED- The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)) to contain an internal control report, which shall– (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
(b) INTERNAL CONTROL EVALUATION AND REPORTING- With respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement

To stay compliant, organizations that are covered by SOX must establish policies that keep all financial information secure and unable to be obtained by unauthorized sources. This requires that hard drives and other electronic storage media on IT assets that are slated for decommissioning must be erased so that none of the data contained on the media can be recovered.

Who must be SOX compliant?

The law applies to all domestic public companies, as well as non-public companies with publicly traded debt securities. Some sections of Sarbanes-Oxley apply to companies that do business with publicly traded companies, even if they aren’t publicly traded themselves. Subsidiaries of covered public companies can also be held liable for retaliating against a whistleblower under certain circumstances.

How can e-End keep an organization in compliance?

By providing third-party certified data destruction, e-End can ensure the sensitive data found on computers, copiers, printers and other end-of-life electronics being taken out of service is destroyed and cannot be recovered by any means

By providing third-party certified data destruction, e-End can ensure the sensitive data found on computers, copiers, printers and other end-of-life electronics being taken out of service is destroyed and cannot be recovered by any means

In addition to being NAID AAA Certified for sanitizing data on all electronic and non-paper media (including hard drives, flash drives and cell phones), we also adhere to NSA and NIST 800-88R1 guidelines for data destruction to ensure you’ll remain compliant with the SOX rules.

After our services have been completed, you’ll be issued a Certificate of Certified Data Sanitization and Certificate of Recycling for your records.

For organizations with data for destruction that, due to security reasons, cannot leave your facility, we can perform all data sanitization services onsite at your office or facility with no disruption.

Contact us today to learn more about how we can keep you compliant with FACTA and other regulations.

Computer Recycling Drop Off Location:

Monday – Friday: 9AM-4PM
Saturday - Sunday: Closed

7118 Geoffrey Way Unit E
Frederick, MD 21704
Phone: (240) 529-101
0