If you manage the communications operations of a regulated, publicly traded company, it's important that you ensure the service providers you contract with are compliant with their industry's regulatory standards. This applies to compliance requirements for HIPAA, PCI and the Sarbanes Oxley Act of 2002, otherwise known as SOX, SarbOX, and less acronym friendly names like the Public Company Accounting Reform and Investor Protection Act and the Corporate and Auditing Accountability, Responsibility, and Transparency Act.

Demystifying Sarbanes Oxley Requirements

For nearly two decades, publicly traded companies have been required to meet strict Sarbanes Oxley regulations which govern:

  1. How long companies need to retain records which include financial and other sensitive data. Also what constitutes a record, and the information records should contain.
  2. The ways employees are provided or denied access to records or data based on their roles and responsibilities.
  3. Retention and deletion of files such as audio files like voicemails, text messages, video clips, declared paper records, storage, and logs of communications activities to and from devices of all kinds.
  4. Physical and digital security controls around cloud-based VoIP applications, the networks that support them, and the people that monitor this infrastructure.
  5. The activities and policies related to the executive leadership teams of these companies, and their boards of directors.
  6. By contracting a SOX compliant business phone system provider, you mitigate the risk of an auditor deeming your business non-compliant. VoIP systems, for example, are ideal for keeping auditable analytics reports of inbound and outbound communications, storing voicemails, and centrally managing call routing even for remote employees.

The Power of Defensive Communications Standards

When a company is subjected to an audit or is sued in court, having compliant systems in place, it makes it easier for auditors and investigators to do their jobs. By contracting the services of a provider with certifications like SSAE 16 (financial standards for ICT service providers) and PCI satisfies courts that a business is accountable and responsible in its communications practices and processes.

Much like wearing a seatbelt or adhering to the speed limit, meeting SOX requirements for communications security and governance can avert a deep investigation. Auditors know that if the right controls are in place, it is easy to track down where violations may have occurred. Further, if internal and external audits are regular and scheduled, businesses can avoid the pain of surprise audits when they aren't prepared.

Telecom Service Provider Quality Ensures Regulatory Compliance

For organizations in industries like healthcare, retail and government having secure, reliable communication services aren't just nice to have, they are mandatory. Doing your due diligence to find a service provider that has been vetted not only by companies like yours but by governing bodies is absolutely necessary.

Certifications like FISMA, ISO 27001 and 9001 and Privacy Shield are good indicators that a service provider is enterprise-ready and offers services which will keep you out of legal hot water. Talk to your telecommunications provider about whether they have a single point of failure, or what their business continuity plans are in case of a disaster. Services like Unified Communications and VoIP can be invaluable in cases of emergency at your workplace, or when your employees are traveling cross-country or abroad.


Sarbanes Oxley has been around long enough to a point where many businesses consider aspects of the act, such as records retention and financial reporting. Yet SOX covers more than file and data storage, it also includes regulatory standards governing the systems and processes around communication of voice and data across private and public internet networks.

Contract with a service provider that has deep experience serving public sector and publicly traded enterprises like yours. Understand the certifications they have attained and the regulatory standards they meet. Investigate whether the provider has been fined for their own accounting practices, or had significant network breaches or outages.

Voice network failures don't always get the same press coverage as cyber attacks on corporate websites or financial systems. Yet when the same networks are transporting video conferences, phone calls and real-time messaging - reliability, security and scalability are of utmost importance.

Is your organization or business looking for a VoIP or Unified Communications platform which will meet regulations like SOX, while providing an engaging user experience? Need to facilitate internal collaboration and external communication with clients, suppliers and other stakeholders? Contact our enterprise services team today.

Related Topics:

Safe Harbor Compliance

FIPS Compliance