What is the Sarbanes-Oxley Act?

The Sarbanes-Oxley Act, sometimes referred to by the acronym SOX, was signed into law on 30 July 2002 by President Bush. The Act is designed to oversee the financial reporting landscape for finance professionals. Its purpose is to review legislative audit requirements and to protect investors by improving the accuracy and reliability of corporate disclosures.

What does SOX cover?

SOX’s fill name gives a summary of what the law covers.

Public Law 107 202 – Sarbanes-Oxley Act of 2002

An act to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.

The act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility, and enhanced financial disclosure. It also significantly tightens accountability standards for directors and officers, auditors, securities analysts and legal counsel. The law is named after Senator Paul Sarbanes and Representative Michael G. Oxley.

Why was the Sarbanes-Oxley Act created?

The Sarbanes-Oxley (SOX) Act is a 21st-century U.S. milestone data compliance and disclosure law created to protect both investors and businesses by improving the accuracy and reliability of corporate disclosures.

Portions of this definition originally appeared on Datamation.com and are excerpted here with permission.

The SOX Act was passed in 2002 after several major fraud cases made it clear that additional safeguards needed to be in place to protect the integrity of businesses and investors from malicious actors.

The bill guards against faulty or misrepresented disclosures of publicly traded companies’ financial data and requires C-suite executives to take responsibility for honest financial reporting, formalized data security policies, and documentation of all relevant financial details.

By requiring companies to maintain a thorough, accurate record of their financial data and to upkeep their network security around their financial data, SOX ensures internal and external shareholders are not given false information about their investments.

What are the SOX Act’s important features?

Sarbanes-Oxley Act cover page.
The cover page of the Sarbanes-Oxley Act of 2002.

The Sarbanes-Oxley Act:

  • Establishes auditing policies, procedures, and standards through the Public Company Accounting Oversight Board (PCAOB)
  • Prevents conflicts of interest between auditors, their clients, and the services they exchange
  • Ensures senior executives are held responsible for maintaining accurate financial statements and reports and requires the CEO to sign company tax returns
  • Defines scenarios in which a broker, advisor, or dealer can barred from practicing
  • Provides certain protections for whistleblowers while also enforcing criminal penalties for violators who knowingly manipulate financial data or obstruct investigations
  • Establishes and supports reporting and compliance enforcement on the part of the U.S. Securities and Exchange Commission (SEC)

Datamation goes in depth on how SOX impacts tech companies with SOX Requirements and Rules.

What are data-specific rules in the SOX Act?

As the SOX Act regulates the financial data of publicly traded companies, the federal law enacts several rules for financial data, especially as it relates to corporate transactions.

The rules require companies to submit for regular external audits and enable companies to conduct internal reporting and controls to support financial data accuracy. Companies are also expected to report to the SEC with concrete evidence of changes in the financial condition.

In addition to federal regulations, the SOX Act also requires an internal control report, which details all of a company’s financial history, and additional documentation that indicates financial data is monitored regularly.

Specific data points that should be included in the internal control report include:

  • Demonstration of internal controls
  • Network, database, and user activity
  • Security concerns related to activity, such as failed logins and authentications
  • Information access

And while the SOX Act does not outline any specific security protocols or expectations, the SEC requires formal data security policies with proof of communication and enforcement across a corporate network.

Where can the Sarbanes-Oxley Act be downloaded?

Download and read the Act in its entirety from the US Government Printing Office.



Shelby Hiter
Shelby Hiter
Shelby Hiter is a writer with more than five years of experience in writing and editing, focusing on healthcare, technology, data, enterprise IT, and technology marketing. She currently writes for four different digital publications in the technology industry: Datamation, Enterprise Networking Planet, CIO Insight, and Webopedia. When she’s not writing, Shelby loves finding group trivia events with friends, cross stitching decorations for her home, reading too many novels, and turning her puppy into a social media influencer.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Virtual Private Network (VPN)

A virtual private network (VPN) encrypts a device's Internet access through a secure server. It is most frequently used for remote employees accessing a...

Gantt Chart

A Gantt chart is a type of bar chart that illustrates a project schedule and shows the dependency between tasks and the current schedule...

Input Sanitization

Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and...

IT Asset Management Software

IT asset management software (ITAM software) is an application for organizing, recording, and tracking all of an organization s hardware and software assets throughout...


ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...


Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...