SARBANES-OXLEY ACT (SOX)
The Sarbanes–Oxley Act of 2002, also known as the ‘Public Company Accounting Reform and Investor Protection Act’ and ‘Corporate and Auditing Accountability and Responsibility Act’ is a United States federal law that sets new or enhanced standards for all U.S. public company boards, management and public accounting firms. It deals with regulatory audits based off unalterable records. It also mandates internal controls and other regulations designed to mainstream electronic record management.
This Act requires public companies to save all business records, including electronic records and messages, for not less than five years. In addition, public companies and registered public accounting firms must maintain audit work papers, documents that form the basis of an audit or review, and all information supporting conclusions for seven years. Given that, clearly email communications related to audit work papers and financial controls should be retained for at least seven years.