CloudFirst

Email Archive Solutions and Sarbanes Oxley: A Primer

August 17, 2017

Image by Bev Sykes from Flickr

It is nearly impossible to think about corporate audits without thinking of email archive solutions. However, there was a time when organizations took these systems rather lightly – simply as a repository of old documents that could be deleted at any given time, instead of thinking of them as a goldmine of information that could be used for audit and legal purposes.

The Sarbanes-Oxley Act, which was signed in 2002, was conceived in the wake of a series of corporate scandals that hit some of the world’s largest companies, including energy giant Enron and telecommunications leader WorldCom. It is known mostly as a set of regulations governing financial reporting and ethical business practices. However, it is also known as the primary driver behind improvements in document storage, archiving, and security.

Section 802 of the Sarbanes-Oxley Act addresses the issue of document tampering, which was a contributing factor to alleged financial misconduct at Enron and other companies. It imposes a set of penalties on individuals and entities that alter, destroy, conceal, or falsify documents with the end goal of hampering or influencing a legal inquest. It also prescribes fines and/or imprisonment for accountants or auditors who violate certain document retention periods.

How do companies use email archive solutions to remain SOX-compliant? The law includes electronic communications in the term “relevant documents”, especially if they were created during an audit or because of one and if they contain financial data related to such an audit or review. These documents include email, email trails, and file attachments, among others. Sarbanes-Oxley prescribes a five-year retention period for such documents, during which they may not be amended, erased, or otherwise hidden in the system.

Other aspects of document storage include the recording of email audit trails and records encryption. Encrypted email archive solutions are of interest here due to the protection that they provide against unauthorized access to documents and tampering with records. It is important to note that email archiving also encompasses search and retrieval capabilities, such as e-discovery, and that e-discovery should be completed within a certain period after a company going through an audit or investigation receives a request for certain electronic records.

The subject of document authentication is also brought up, particularly when it comes to memos, email, and other forms of communication. Commonly used methods for authenticating documents include digital signatures and timestamps. The usage of such authentication methods should be tamper-proof, restricted to authorized personnel, and usable only in the context of established business processes; otherwise, SOX auditors might flag that usage as fraudulent. Email archive solutions being deployed post-SOX should be equipped to recognize these digital signatures and grant document access only to authorized individuals.

If an organization uses email archive solutions that do not comply with the requirements of the Sarbanes-Oxley Act, it might fail audits or reviews and be suspected of conducting business improperly. Therefore, to ensure compliance with the law, external auditors and compliance leads should be involved in the planning and implementation of email archiving systems.
