Email Archiving: If You Sell To Public Companies, You Should Be Archiving Email Too - 10/10/07 |
Email archiving as a company is a legal requirement in certain situations. Something you perhaps did not know. I for sure didn't until I started reading up on the legal retention requirements! There are an increasing number of government compliance mandates, take Sarbanes/Oxley (SOX) for instance. But their repercussions are not always visible for everyone. A lot of these regulations require archiving as an important part of compliance. Osterman Research names just a few highlights: Financial: SEC 17a; NASD 3010; HIPAA; SOX; GLBA; SB1386 Healthcare: HIPAA; SOX; SB1386 Government: HIPAA Life Sciences: HIPAA; 21 CFR11; SOX; SB1386 Other industries: HIPAA; SOX; SB1386 Two well-known compliance regulations are the most far-reaching: the Health Insurance Portability and Accountability Act (HIPAA) and SOX. As an illustration of how far these can reach, HIPAA not only applies to healthcare organizations, but also to health insurance providers and their claims processing services, and furthermore to (and did you know this) employers that are self-insured or that provide health services to employees. And then the infamous SOX has an effect on all organisations that publicly report financial results, or that issue U.S.-traded securities. More over, if you are a private company that does business with a publicly traded company, you must also follow SOX guidelines. Why? So your business partner can get requested information from you, in the event of an audit. If your CEO is planning to go public at one point in the future, you'd -better- start to follow SOX IT guidelines as early as possible. Here are some official legal words: "To comply with SOX, public companies should apply these internal controls to their information management practices-which may include, among other things, a thorough and ongoing evaluation of the organization's information management programs, policies and procedures to ensure that company records are retained in an accurate and trustworthy manner. In addition, company records need to be readily accessible to ensure timely cooperation should the organization find itself under investigation. Additionally, it has become essential that organizations not only have record keeping policies and practices in place but that they also have a Legal Hold or Records Hold mechanism that supersedes the organization's regular record keeping rules, and ensures that company records and information are preserved for SEC investigations or other formal proceedings." And do not forget two other interesting laws that might apply at the worst possible moment: The Patriot Act and Freedom of Information (FOI) Act. Both of these require organizations to retain and maintain records so that they can be produced when regulators send requests for them. Not only must you retain critical data, but you have to be able to query data for the purpose of legal discovery and do it pronto. Not having this in place is truly an incredible headache. I've been there, and done that a long time ago. I took the IT team -weeks- of almost full-time work. It is not hard to see that you are opening yourself up to critical risk if you are not able to meet regulatory mandates or e-discovery subpoenas, even as a third party in a lawsuit. Ever did the math how much it costs to process and restore a single backup tape? You'd be surprised. Better To Act Right Now It's one of these things you cannot afford not to address, and the C.C.S. surveys showed that 40% of you are going to deploy archiving in the next 12 months. That is a sea change in the market. But let me help you a bit with some ammo to get budget pushed through right away. There are a LOT of benefits that make it a no-brainer to implement ASAP, from small to large: 1. Avoid compliance-related fines 2. Significant savings on both IT time and attorney staff time 3. Very fast ROI, usually 3 to 6 months 4. Immediate, 100% ROI if you get hit with an e-discovery 5. Significant savings every 2 years on additional servers and storage 6. 60-80% faster backups Email has become mission critical and archiving needs to be a front burner issue, for all the above reasons. Now, HOW to archive is crucial. Getting a journaling-based system lacks a wealth of features you really need, and does not give you the performance and space benefits. C.C.S. can now offer hosted email with full system wide message archiving and compliant with Sarbanes-Oxley Act. The System Administrator designates an archive folder which will contain copies of every inbound and outbound email sent each day. At the end of each day SmarterMail takes that folder and compresses it for archival storage. The SmarterMail's email archiving feature makes it an ideal solution for businesses seeking to comply with the Sarbanes-Oxley Act of 2002 (SOX) and retain critical data. For more information on SOX please visit: http://www.sec.gov/divisions/corpfin/faqs/soxact2002.htm For further information on how C.C.S. can assist you in compliance, please call us, or contact us via our Contact Form |