why we should use a product like digiprove to protect digital assets and avoid financial and litigation risk

1. Digital Content & Sox compliance
SOX
The Sarbanes–Oxley Act of 2002 was put in place by the US government to protect investors in public
companies following a series of corporate and accounting scandals perpetrated in the late 90’s and early 00’s
which included Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which
cost investors billions of dollars when the share prices of affected companies collapsed, shook public
confidence in the nation's securities markets.
Much has been written about these scandals and also SOX and what is now required of Public Companies and
their stakeholders to secure societies confidence in the Markets and keep corporate officers and employees
out of jail. This piece concerns itself with a specific set of challenges relating to Digital Content used in a public
company or for that matter any company.
Section 404, 802 & Digital Content
Section 404 of the Act “Assessment of Internal Controls” & Section 802 “Criminal Penalties for influencing
US Agency Investigation” are key sections relating to the effectiveness of the act and the actions and
processes public companies must take or put in place.
In particular section 404 is concerned with the prevention and detection of fraud and error and the adequacy
of controls required. The integrity, authenticity and provenance of digital content (data, text, Audio, Video
etc.) must be secured and be non repudiable. We know that digital content is much easier to change than
paper based content and public companies must find cost effective solutions to assure trust and confidence in
their management and control of Digital content. Section 404 focuses on content authenticity and integrity
Section 802: “ Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false
entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the
investigation or proper administration of any matter within the jurisdiction of any department or agency of the
United States or any case filed under title 11, or in relation to or contemplation of any such matter or case,
shall be fined under this title, imprisoned not more than 20 years, or both”. This brings home the importance
of being able to identify fraudulent, malicious or even just simple errors that may be part of an audit or
evidential chain and required to establish trust and confidence in digital data/content. Section 802 in addition
to the focus above in section 404 also brings attention to the history and flows of the digital content.
How can public companies identify and prevent fraud or error in their digital content cost effectively?
1. Identify & List the company’s digital assets (versions, time lines etc.)
2. Perform a Risk analysis and identify those critical digital assets
3. Identify those critical digital content types and forms that must be protected and controlled through
their life cycle.
Sample critical Digital Assets
 Contractual documentation
 Policy & Procedure documents and records
 Intellectual Property
 Trademarks and copyright
 Financial reports
 HR& employee records
 Performance Management records
 Software applications
 Software logs
 Databases
 Recorded telephone conversations
 Recorded conference calls(Audio/Video)
www.digiprove.com ©Digiprove Feb 2012

2. Digital Content & Sox compliance
 Images, Photographs, Videos
Identify& implement appropriate software controls as a solution to the digital content/asset protection such as
Digiprove.
What are the core features that a simple software solution must have?
 Establish the authenticity and integrity of digital content on entry into the company’s digital world
whether created within that world or entering externally whether it be via an electronic
communications or scanned solution. (This can be achieved by creating a unique digital fingerprint of
the content and meta data such as date, time, location, ownership)
 Maintain full confidentiality of this digital content in that it does not get sent externally outside the
companies own controlled digital world to be certified.
 Create an audit trail for the defined digital content and any actions taken on that content.
 Be able to verify the provenance of any digital content once it has been certified and verify if it has
been tampered with.
Digiprove products tick all the boxes:
Selfprotect – a simple SaaS on-line service for content and communications
Autoprotect – a simple background utility that automatically protects the identified files and folders.
Completeprotect – includes digital log event certification and audit trail along with autoprotected content.
(New Product)
Signasure – enables and protects documents with all types of digital signatures (New Product)
Brokerprove – A standalone solution for SME professional service providers
Embedprotect – A software developer’s kit that enables Digiprove technology to be quickly integrated into a
company’s business applications
www.digiprove.com ©Digiprove Feb 2012