Vendors Offer OS/400 Solutions for Sarbanes-Oxley Compliance
March 30, 2004 Alex Woodie
How can you be sure that your data is tamper proof? And if somebody does tamper with it, how will you be able to tell? These are the key issues facing OS/400 shops in complying with the Sarbanes-Oxley Act, one of many new laws affecting the way companies manage and store their data. These are also areas in which iSeries software vendors, like Global Software and Electronic Storage Corp., are providing new solutions.
Companies of all shapes and sizes will need to comply with the Sarbanes-Oxley Act, which was passed in the wake of the corporate accounting scandals two years ago, and which threatens CEOs and CFOs with jail time for non-compliance. The establishment of transparent accounting practices and the creation of unalterable audit trails are main provisions of the Sarbanes-Oxley Act, and this is where IT shops will be called upon to provide solutions.
Global Software and Electronic Storage Corp. have introduced new software aimed at helping midmarket OS/400 shops to secure access to critical documents and data. Here’s the rundown on those new offerings.
A GLOBAL SARBANES-OXLEY SOLUTION
Global Software, based in Raleigh, North Carolina, is expected to start shipping this week a new release of its Spreadsheet Server product, which lets users access and manipulate data from OS/400 ERP systems inside of Microsoft Excel spreadsheets. Many users at OS/400 shops prefer to work with corporate accounting data in the Excel format, instead of the native accounting modules of their OS/400 ERP suites, says Spencer Kupferman, Global Software vice president of corporate affairs. “Financial tools in ERP applications were an afterthought,” Kupferman says. “That’s why we do so well, running against Movex, Infinium, J.D. Edwards, and BPCS. It’s not what they do. We’ve made their weakness in their financial systems the pillars of our software.”
The new Sarbanes-Oxley-related features in Spreadsheet Server will help to provide an audit trail of who accessed the data. Users will be asked to sign an attached signature sheet when they access accounting data. This new document, which will be delivered in the Spreadsheet Distribution Manager component of the product, will also use timestamps and will be linked to spreadsheets according to a specific accounting number. The new documents will be delivered in PDF or Word format.
Spreadsheet Server also helps companies comply with the data integrity component of Sarbanes-Oxley by the very fact that Spreadsheet Server accesses data in real time, Kupferman says. If a company put together a quarterly report, for instance, using a full business intelligence product that requires loading the financial data into a data warehouse, that data may not be entirely up to date, he says. “What we do is go directly from the source into the spreadsheet. We’re accessing that data in real time, so there’s no possibility for it to become corrupt.”
A SAR-BOX FOR LASERVAULT
Secure access to documents is also being provided by Electronic Storage Corp., which develops a software-based archiving solution called LaserVault, which integrates natively with OS/400 servers (as well as with Unix, mainframe, and Windows systems). The Tulsa, Oklahoma, company last week announced a new product called Reliafile, which works with LaserVault to address Sarbanes-Oxley compliance.
ESC says its new Reliafile make reports and documents stored in LaserVault tamper-proof by stamping each document with a unique thumbprint that confirms the date and time the document was created. Reliafile then ties that thumbprint to a U.S. Postal Service Electronic Post Mark (EPM), which is kept on file for seven years, the company says. At any time in the future, the client, an auditor, or a regulator can compare the unique thumbprint with the file contents to verify that the file has not changed. If one character of data in the file is altered or transposed, the digital thumbprint will no longer match, the company says.
The thumbprint systems used by Reliafile keeps documents confidential, because the thumbprints do not actually contain the contents of the files they identify. Reliafile works with all types of digital content supported by LaserVault, including reports, pictures, scanned documents, spreadsheets, or OS/400 spool files. Relafile starts shipping April 1. Licenses start at $5,000.
While the Sarbanes-Oxley Act is primarily targeted at public companies, many industry observers think private companies will want to comply with the act as well, to future-proof their accounting practices, in case they are acquired or merge with a public company at a later date.
Earlier this year, the compliance dates for the Sarbanes-Oxley Act were pushed back. The deadline for large companies that file their taxes early (more than $75 million in revenues) to comply was pushed back from June 15, 2004, to November 15, 2004, while the deadline for later filers was pushed from April 15, 2005, to July 15, 2005.
Sarbanes-Oxley touches many parts of a company, and software is only part of the story in the IT department. Companies will also need to securely house their Sarbanes-Oxley-compliant data on some data storage device. For a look at the latest in WORM devices coming to the OS/400 server, see the article “New WORM Technology Making Its Way to the iSeries,” also in this issue of Four Hundred Stuff.