Don’t Let RPO Knock Your SOX Off!

What is SOX and why should I care?

In 2002, the US Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices by businesses. If your business deals with public financial information you need to be able to show that you are SOX compliant.

To be SOX compliant you must have controls in place to ensure that financial data is accurate and protected against loss.

Asynchronous Replication and RPO

One way that businesses protect themselves against data loss is by using asynchronous remote replication methods such as IBM Global Mirror.

IBM Global Mirror will allow you to replicate data at great distances in a consistent fashion. However, the remote data will always be some amount of time behind the production data.

This time period is called the Recovery Point Objective (RPO). Although we would all like to have an RPO of zero, this is not technically feasible with replication at long distances.

Controlling IBM Global Mirror

IBM Globally Dispersed Parallel Sysplex (GDPS) provides additional software and services that can automate many aspects of replication management and recovery.

GDPS collects data about the health of Global Mirror sessions including RPO and puts the data into an SMF record (type 105). Although GDPS does a good job of collecting the data, it really does not provide a way to manage metrics such as the RPO.

If RPO is not managed, it could grow large and a disaster would result in the loss of a great number of transactions. This could irreparably harm the accuracy of your company’s financial records.

IntelliMagic Vision provides you with the means to truly manage your IBM Global Mirror sessions. That means you receive alerts when the RPO exceeds the target and you have the instrumentation at your disposal to find root cause and take appropriate action if that happens. Being able to demonstrate this is especially important in the event of a SOX compliance audit.

With IntelliMagic Vision you can track the key Global Mirror parameters such as RPO and receive alerts if targets are consistently being exceeded. Figure 1 below shows a rated chart for RPO that illustrates this.

In this case we see a warning that RPO is beginning to exceed the target. You should have a process in place to track and investigate situations like this and take corrective action.

Other capabilities within IntelliMagic Vision provide the insight needed to determine root cause and help plan a fix. By showing a SOX auditor this documented process including IntelliMagic Vision for measurement and alerts, you can prove compliance in terms of controlling the currency of your data.

Keep your Sox on!

It can be more than embarrassing if you are caught with your SOX off. Consequences for noncompliance may include fines, imprisonment, or both! That is why you need to establish a set of business practices that demonstrate compliance. IntelliMagic Vision can be a key component of this. Even with the increasingly casual business attire we see today, you will want to keep these SOX on no matter what!