16 Jun Enterprise Cloud Backup & Recovery | ERP SOX Compliance Requirements
Backup and Recovery for Dynamics Cloud SOX Compliance
Compliance with the Sarbanes-Oxley (SOX) Act of 2002 is required of public companies. Even if you are not currently a publicly traded company, adopting SOX-compliant practices today will reduce your risk of financial errors, fraud and breaches in the future. Enterprise cloud backup and recovery policies are an important part of governance, risk management and SOX compliance.
If you want to get in-depth info on other critical SOX controls, check out this eBook on SOX compliance requirements in the cloud.
The 5 Critical Controls for SOX in the Cloud
In order to truly deliver SOX compliant cloud services and infrastructure, a cloud provider must have standardized and documented policies for…
- Change Management Plan and Policies
- Logical Access Controls
- Physical Security Policy
- IT Operations Management
- Enterprise Cloud Backup & Recovery
Enterprise Cloud Backup and Recovery for SOX in the Cloud
“Today, the most common threats to businesses are power outages, extreme weather and IT failures – all of which happen with regular occurrence,” said Jennifer Aldrich for Panorama Consulting. “Such crises account for millions of dollars of lost revenue among businesses globally, (due primarily to significant downtime and lost productivity), and can strike even the most venerable and stable corporations in the world.”
If you have a cloud ERP system or are considering the cloud, your hosting provider must have proven, repeatable uptimes of 99.95% or better. The provider must also have comprehensive backup and recovery practices with layers of redundancy for robust risk management.
From a SOX perspective, the provider should supply adequate documentation of successful backups, along with periodic restore data from the backup media, so that you and your auditors can test and verify it. This allows your business to check that restore data is accurate and consistent with live data. It also allows you to verify that all backups are occurring according to the terms of your Service Level Agreement.
Before choosing a cloud hosting provider for SOX-compliant software, it is a good idea to ask for documentation of the provider’s policies on the following questions:
- How frequently are test restores performed?
- How are backups scheduled?
- What are data ownership policies?
- What is included in backup procedures?
- Are redundant backups performed in separate locations to protect your data against disaster events?
To help guarantee SOX-compliant cloud ERP while supporting its customers’ risk and governance management, hosting firm RoseASP offers the following backup and recovery services…
- Strict daily, weekly, monthly and annual backup schedule
- Tailored backup plan to fit customer needs
- Regular quarterly “test” restores to validate backup plan
- Recovery policies ensuring data integrity and standardizing ownership and responsibility during force majeure events
- Redundant power and fire suppression systems at datacenters to protect against disaster events
- Copy of the backup retained offsite from the datacenter for added redundancy
Did you know?
If you are a publicly traded company with a Dynamics ERP system, you can upgrade to the newest version in the cloud without sacrificing governance, risk management and compliance requirements. Check out this Microsoft Dynamics SOX Compliance Solutions Page.