Sarbanes-Oxley (SOX) is a security standard that defines specific mandates and requirements for financial reporting. SOX spanned from legislation in response to major financial scandals and is designed to protect shareholders and the public from account errors and fraudulent practices. Administered by the SEC, SOX dictates what records are to be stored and for how long. It affects IT departments that store electronic records by stating that all business records, which include e-mails and other electronic records, are to be saved for no less than five years. Failure to comply can result in fines and/or imprisonment.
According to Analysys Mason, only about 33 percent of cloud service providers follow SOX.