SOX 802: As a result of SOX, IT departments are responsible for creating and maintaining an archive of corporate records. Three rules in Section 802 of SOX affect the management of electronic records.
The first concerns the destruction, alteration, or falsification of records and the resulting penalties.
The second defines the retention period for records storage.
The third rule outlines the type of business records that need to be stored, including all business records, communications, and electronic communications.
SOX 404:
Public companies are required to publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting (companies need to document their controls).
Attest to and report on the assessment of the effectiveness of the internal control structure and procedures for financial reporting (conducting an audit, done by a third party, and generating an SCA report, as with RMF controls and procedures).