"SOX will be expanded to include private companies within five years," predicted a storage user at last week's Interop conference.
Vegas delusions or insider wisdom?
Either way, the prediction underscored an aspect of data management and compliance: There's no real roadmap for what regulators are looking for today, much less five years from now.
When I asked a couple of users if they build audit logs a certain way or follow any sort of template, they essentially shrugged. Unlike with tax returns or quarterly filings, there are no "generally accepted accounting principles" where Sarbanes-Oxley, HIPAA, or SB 1386 are concerned.
Efforts are underway to streamline SOX reporting and help companies focus more on ledger fraud and accounting irregularities than backup issues. (See "New Rules May Ease SOX Audits.") But this is unlikely to mute the complaints about the additional expense SOX and other compliance reporting imposes on companies, public or private.