This is a really good article that defines in legal terms what is meant by "obstruction of justice" and what the relevant technical implications are for corporate IT departments and, specifically, for Sarbanes-Oxley related incidents. A series of "best practices" recommendations is at the bottom of the article.