We are a small software development house doing a lot of web site development for small companies, particularly e-commerce. I’ve been told by those who claim to know that even though Sarb-Ox is aimed at publicly traded companies, there are data storage and retention issues for private companies as well when the data is stored on a “publicly available” server, for example a web server. We need to avoid giving legal advice to our customers, but we would like to be able to intelligently advise them on when they need to talk to their attorneys about this, and have good rules of thumb for what *not* to do to trigger Sarb-Ox compliance requirements. For example, I’ve been told not to store customers’ credit cards in the database. True or not, what data items stored on web servers will trigger Sarb-Ox compliance requirements?
I didn’t find the right solution on the internet.