Lee LaFrese - 7 February 2019

What is SOX and why should I care?

In 2002, the US Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices by businesses. If your business deals with public financial information you need to be able to show that you are SOX compliant.

To be SOX compliant you must have controls in place to ensure that financial data is accurate and protected against loss.

Asynchronous Replication and RPO

One way that businesses protect themselves against data loss is by using asynchronous remote replication methods such as IBM Global Mirror.

IBM Global Mirror will allow you to replicate data at great distances in a consistent fashion. However, the remote data will always be some amount of time behind the production data.

This time period is called the Recovery Point Objective (RPO). Although we would all like to have an RPO of zero, this is not technically feasible with replication at long distances.

Controlling IBM Global Mirror

IBM Globally Dispersed Parallel Sysplex (GDPS) provides additional software and services that can automate many aspects of replication management and recovery.

GDPS collects data about the health of Global Mirror sessions including RPO and puts the data into an SMF record (type 105). Although GDPS does a good job of collecting the data, it really does not provide a way to manage metrics such as the RPO.

If RPO is not managed, it could grow large and a disaster would result in the loss of a great number of transactions. This could irreparably harm the accuracy of your company’s financial records.

IntelliMagic Vision provides you with the means to truly manage your IBM Global Mirror sessions. That means you receive alerts when the RPO exceeds the target and you have the instrumentation at your disposal to find root cause and take appropriate action if that happens. Being able to demonstrate this is especially important in the event of a SOX compliance audit.

With IntelliMagic Vision you can track the key Global Mirror parameters such as RPO and receive alerts if targets are consistently being exceeded. Figure 1 below shows a rated chart for RPO that illustrates this.

Average RPO over Interval
Figure 1- Average RPO over interval [rating: 0.16]

 

In this case we see a warning that RPO is beginning to exceed the target. You should have a process in place to track and investigate situations like this and take corrective action.

Other capabilities within IntelliMagic Vision provide the insight needed to determine root cause and help plan a fix. By showing a SOX auditor this documented process including IntelliMagic Vision for measurement and alerts, you can prove compliance in terms of controlling the currency of your data.

Keep your Sox on!

It can be more than embarrassing if you are caught with your SOX off. Consequences for noncompliance may include fines, imprisonment, or both! That is why you need to establish a set of business practices that demonstrate compliance. IntelliMagic Vision can be a key component of this. Even with the increasingly casual business attire we see today, you will want to keep these SOX on no matter what!

This article's author

Lee LaFrese
Senior Storage Performance Consultant
Read Lee's bio

Share this blog

Anatomy of an Anomaly

Related Resources

Blog

How Far Behind is My Asynchronous Replication?

Most peer-to-peer replication methodologies prioritize application performance over replication currency, but if replication falls too far behind you need to find out about it quickly and know what should be done to fix it.

Read more
Blog

IBM z15 Announcement Highlights and How to Take Advantage

The z15 (with a General Availability date of 9/23/2019) offers up to 190 CPU cores (vs. 170 on z14) and 40 TB of usable memory (vs. 32 on z14), in addition to processor cache and overall performance improvements.

Read more
Blog

CPU – Just the Tip of the z/OS Iceberg

z/OS is now responsible for everything from online transactions, network traffic, replicated data, and so much more. The infrastructure to handle this complexity is no longer limited to ensuring CPU is going to be okay.

Read more

Go to Resources

Subscribe to our Newsletter

Subscribe to our newsletter and receive monthly updates about the latest industry news and high quality content, like webinars, blogs, white papers, and more.