Our Services › Compliance

Compliance aside, message archiving offers practical self defense, whether archiving for compliance, archiving for investigations, or archiving for policy enforcement

The threat of litigation looms over every business today. Changes were made on December 1, 2006 to the Federal Rules of Civil Procedure that should concern anyone who may end up in court over a dispute.

During discovery, you must be prepared to produce any kind of information requested by the court, including email correspondence. The cost of electronic discovery can be enormous. Compliance with government and industry regulations is a challenge too; email retention is a requirement for small publicly traded companies, broker-dealers, hedge fund managers, investment advisors and financial services organizations which must meet strict SOX, SEC, NYSE or NASD regulations. These firms must maintain a secure, non-alterable, searchable archive of their email for as long as six years in some instances. All email messages must be "readily accessible" in an audit for at least two years. Our data backup service ensures that your company will be able to meet these compliance standards.

Another 9^®’s Email Archiving Service is an affordable solution designed for firms to comply with regulations or best practices. It's a fully managed data backup solution that captures all of a user company's incoming and outbound email messages on a continuous basis from an unlimited number of mailboxes. It requires no software or hardware purchase or professional services expense and can search up to one million emails per second based on flexible criteria.

We're completely compatible with Microsoft Exchange and Lotus Notes. Once installed, all emails are instantly and continuously saved and indexed to disk, plus archived and indexed to optical disc —making them immediately available for retrieval in a manner compliant with the user company's corporate policies, as well as with industry regulations

Call us today for a demonstration or to put our archiving solution to work for you. Ask us about a fully managed data backup solution using your present mail system or our Hosted Microsoft Exchange service. We'll be happy to show you just how easy it is to comply with regulations and protect yourself.

Sarbanes Oxley Challenges and Solutions,
the Sarbanes-Oxley Act of 2002
With the inception of the Sarbanes-Oxley Act of 2002, many companies as well as all Registered Public Accounting Firms are held to a set of stringent guidelines regarding the storage and management of their financial data. These rules set guidelines for how data should be stored, accessed, and retrieved. Companies who select Another 9 to help them archive for compliance standards and meet their compliance requirements will find our data backup solutions are compliant with Sarbanes-Oxley as well as intelligently reformed in order to make the necessary audits and record keeping as easy as possible.

Another9 has acted to ensure our products help companies meet compliance challenges quickly and easily.

Section 103: Auditing, Quality Control, And Independence Standards And Rules.

The Board shall:
(1) register public accounting firms;
(2) establish, or adopt, by rule, "auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers;"
AssuredBackup and AssuredSync move the data to a secure off-site datacenter where it is safely stored and readily available for an audit. An auditor with proper security clearance can log into our appliance, extract the necessary files and conduct the audit off-site. They may also use this process to ensure the necessary files are being produced in a timely manner. This allows for quality control and secure-auditing.
(3) conduct inspections of accounting firms;
(4) conduct investigations and disciplinary proceedings, and impose appropriate sanctions;
(5) perform such other duties or functions as necessary or appropriate;
(6) enforce compliance with the Act, the rules of the Board, professional standards, and the securities laws relating to the preparation and issuance of audit reports and the obligations and liabilities of accountants with respect thereto;
(7) set the budget and manage the operations of the Board and the staff of the Board.
The Board must require registered public accounting firms to "prepare, and maintain for a period of not less than 7 years, audit work papers, and other information related to any audit report, in sufficient detail to support the conclusions reached in such report."

Another 9 automates this process to a large degree. As the accountants create their financials, they can be 'captured' on a daily basis. An audit report can be generated as to when the reports were created and then the necessary files can be pulled up for review. The "other information related to any audit report" will be the time and date that the report was created, the size of the file, the time stamp on the file, and whether or not it was updated since its creation. These reports can be sent to the Accountants and/or the Board on a daily, weekly, monthly, or quarterly basis.

The Board must adopt an audit standard to implement the internal control review required by section 404(b). This standard must require the auditor evaluate whether the internal control structure and procedures include records that accurately and fairly reflect the transactions of the issuer, provide reasonable assurance that the transactions are recorded in a manner that will permit the preparation of financial statements in accordance with GAAP, and a description of any material weaknesses in the internal controls.

Another 9's data backup solution captures every single record that is created requiring an audit. Furthermore, the auditor can review these records remotely, having access not only to the records themselves but also to the detailed reports that show when they were created. This allows the auditor to judge whether the records fairly and accurately reflect the transactions of the issuer and allow the auditor to determine exactly how and when the transactions were recorded for GAAP accordance. The entire process will take place in an automated fashion, allowing the auditor to easily assess weaknesses in the internal controls and the timing of any critical operations.

Section 104: Inspections of Registered Public Accounting Firms
Annual quality reviews (inspections) must be conducted for firms that audit more than 100 issues, all others must be conducted every 3 years. The SEC and/or the Board may order a special inspection of any firm at any time.

With Another 9's Backup, all the information required for an audit is readily available at any time, on request. This drastically reduces the amount of preparation work traditionally required for an audit. Even if a firm has 10 years worth of financial records that must pass a quality review/inspection, all those records can be accessed through Another 9 in minutes, complete with an audit trail.

Section 105(d): Investigations And Disciplinary Proceedings; Reporting of Sanctions.
All documents and information prepared or received by the Board shall be "confidential and privileged as an evidentiary matter (and shall not be subject to civil discovery other legal process) in any proceeding in any Federal or State court or administrative agency, . . . unless and until presented in connection with a public proceeding or [otherwise] released" in connection with a disciplinary action. However, all such documents and information can be made available to the SEC, the U.S. Attorney General, and other federal and appropriate state agencies.

Confidentiality and security are keystone features of the AssuredSync software. In addition to the extremely powerful 128-bit encryption algorithm and the SSL secure connection, AssuredSync can restrict access to audit information and financials by allowing access only to a specific range of IP addresses. This allows a firm to hand-select the computers that are allowed to access their information.

Section 107(d): Censure Of The Board And Other Sanctions.
The SEC shall have "oversight and enforcement authority over the Board." The SEC can, by rule or order, give the Board additional responsibilities. The SEC may require the Board to keep certain records, and it has the power to inspect the Board itself, in the same manner as it can with regard to SROs such as the NASD.

If the board is required to keep current or archived records available, AssuredSync can do this automatically. The records can be mirrored between multiple datacenters and made completely fault-tolerant. Information can be archived for an indefinite amount of time.

Section 203: Audit Partner Rotation.
The lead audit or coordinating partner and the reviewing partner must rotate off of the audit every 5 years.

Another 9’s Backup paves the way for automation and simplified reporting, making a transition simple and painless. We help eliminate the need to spend countless hours bringing a new lead audit or reviewing partner up to speed every 5 years – Another 9’s Backup allows them to quickly see what has occurred in the last 5 years and easily transition into the new environment.

Section 302: Corporate Responsibility For Financial Reports.
The CEO and CFO of each issuer shall prepare a statement to accompany the audit report to certify the "appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer." A violation of this section must be knowing and intentional to give rise to liability.

Another 9’s Backup gives the chief executives visibility as to what is being presented. They can review the audit reports in advance to become personally familiar with what information is being shared and how it has evolved from day to day, month to month. This gives them confidence because all the information is at their fingertips allowing them to approve financial statements with greater peace of mind. Having everything clearly documented in a report is much more reassuring than relying on the record-keeping abilities of others, which may or may not be 100% reliable. This mitigates the risks described in the Sarbanes-Oxley Act for the chief executives.

Section 401(a): Disclosures In Periodic Reports; Disclosures Required.
Each financial report that is required to be prepared in accordance with GAAP shall "reflect all material correcting adjustments . . . that have been identified by a registered accounting firm . . ." "Each annual and quarterly financial report . . . shall disclose all material off-balance sheet transactions" and "other relationships" with "unconsolidated entities" that may have a material current or future effect on the financial condition of the issuer. The SEC shall issue rules providing that pro forma financial information must be presented so as not to "contain an untrue statement" or omit to state a material fact necessary in order to make the pro forma financial information not misleading.

Another 9’s Backup captures every change that is made to financial records and stores those files as evolving 'versions' of the same document. Therefore, any adjustments that are made to financial reports are captured by the Another 9’s software and an audit report is generated stating that the file was changed. It therefore becomes impossible for information to be 'hidden' in this record, as the full history of that record is stored by Another 9. At any given time, an auditor can pull up a financial report and view current or historical data, even if the information was created a month ago, a year ago, or 5 years ago. The auditor has the entire history of that document available to him/her, complete with a report showing what dates that document was altered.

Section 404: Management Assessment Of Internal Controls.
Requires each annual report of an issuer to contain an "internal control report", which shall:
(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and The internal control structure can be handled almost entirely by Another 9’s Backup, as it will fully capture evolving versions of the financial records as they are created and updated. Furthermore, it will automatically create detailed reports showing when the file was updated and/or changed for someone requiring a high level overview on the history of the records. As for the internal control structure itself, Another9 can create supporting artifacts documenting the process used and technologies in place for this strategy. The reports generated by Another 9’s Backup can be used as an "internal control report" documenting exactly what transpired over the course of the year. This is a fully automated process and the reports can be manually generated at any time.

(2) contain an assessment, as of the end of the issuer's fiscal year, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
AssuredSync provides all the background reporting information to make this assessment and determination. It automates much of the internal control report and reduces the man-hours required for the creation of an annual assessment. In the end, AssuredSync provides a solution for much of the effort Sarbanes-Oxley requires a company to exert, which:

a) Reduces the time it takes a firm to prepare for an audit;
b) Automates much of the reporting process;
c) Establishes an internal process for financial reporting;
d) Increases the security of financial records;
e) Increases the availability of financial records;
f) Keeps as many versions of the document available as are created, meaning the financial records will always be available - even 5 years down the road when an audit is required on outdated financials.

Title VIII: Corporate and Criminal Fraud Accountability Act of 2002.
It is a felony to "knowingly" destroy or create documents to "impede, obstruct or influence" any existing or contemplated federal investigation.

Another 9’s Backup prevents any one party from destroying records vital to the company's well-being. A common user cannot destroy the records, as they are stored in an off-site datacenter cluster array. Only an Administrator that has been granted specific rights to the datacenter can permanently delete a record.

Section 802: Mandatory Document Retention
Directs accountants to maintain certain corporate audit records or to review work papers for a period of five years from the end of the fiscal period during which the audit or review was concluded. It also directs the Securities and Exchange Commission (SEC) to promulgate, within 180 days, any necessary rules and regulations relating to the retention of relevant records from an audit or review. This section makes it unlawful knowingly and willfully to violate these new provisions -- including any rules and regulations promulgated by the SEC -- and imposes fines, a maximum term of 10 years' imprisonment or both. Auditors are required to maintain "all audit or review work papers" for five years.

Another 9’s Backup not only stores audit and review work papers for an indefinite amount of time, but it also stores every version of those papers.

Section 802: Document Alteration or destruction
and Section 1102: Tampering With a Record or Otherwise Impeding an Official Proceeding
Makes it a crime for any person to corruptly alter, destroy, mutilate, or conceal any document with the intent to impair the object's integrity or availability for use in an official proceeding or to otherwise obstruct, influence or impede any official proceeding is liable for up to 20 years in prison and a fine.

If any attempts are made to alter, destroy, mutilate, or conceal documents protected by Another 9’s Backup, an audit report will be generated stating when such actions took place and (in some cases) the party responsible for such actions can be easily determined. Furthermore, even if the integrity of a document is impaired, Another 9’s Backup has earlier versions of that same document readily available for restoration at any time.

< back