November 15, 2004

Sarbanes-Oxley now in Effect

Save your emails. SEC said so. Welcome to audit hell. It's November 15th, and SOX is now in effect.

Posted by SilverStr at November 15, 2004 10:13 PM

Comments

I am not well versed on SOX, so could you point me to a resource that shows where it says we have to save e-mails, because it would directly affect one of our company policies.

Posted by: Andy at November 16, 2004 06:43 AM

Hey Andy,

The management of email is a fundamental element of SOX compliance. You don't have to actually SAVE all email, but you have to know what NOT to delete. A good starter point would be the SOX cheatsheet which is here: http://www.silicon.com/research/specialreports/compliance/0,3800003180,39121223,00.htm

Remember that SOX has the largest impact on public companies. If you are still private, you still have some protections against the Act (unless of course you partner with a company that falls under SOX and requires you have the same safeguards).

Posted by: SilverStr at November 16, 2004 07:26 AM

Remember, SOX is US legislation, so only directly affects companies on the US stock exchange.....for now, though Canada is drafting similar legislation. The fun part is all the 3rd party vendors that are indirectly affected. Every 3rd party vendor that we deal with also has to comply. We just finished our audit at my company and boy was it fun! We passed, but it doesn't feel like we do work any more. We spend more than half our time making sure the appropriate paperwork is filled out and signed off by the appropriate parties before we can actually do the work, like change someone's password, add an account, etc.... I feel more like an accountant now than a computer professional.

Posted by: Shaggy at November 16, 2004 01:34 PM

Thanks, I will check that out because we have a policy for our managers and up concerning how long they can keep any given e-mail that is probably way out of compliance and I need to bring it up to my boss if it is. We are a public US company and we are the largest of our kind so I want to make sure our market is doing the right thing. Thanks again.

Posted by: Andy at November 17, 2004 07:53 AM

I just found out from my boss that very quietly over the last few months they have dropped millions into assuring our compliance. Although our local pst files etc. are cleared every 30 days, they are archived for 7 years to a bunch of servers at corporate before they are cleared. That way our local exchange servers don't bog down yet we stay in compliance. It's kind of cool how they did it with zero disruption to our daily work.

Posted by: Andy at November 17, 2004 02:19 PM