Email is crucial to almost all businesses and organizations. It is very important to have a reliable, robust email system to conduct business. In some industry segments, there are regulations and compliance standards which must be adhered. The following table highlights some of the major compliance standards, laws and regulations.
| Regulations | Government | Medical | Dental | Legal | Financial | Franchises | Other Private |
|---|---|---|---|---|---|---|---|
| Litigation Readiness | X | X | X | X | X | X | X |
| Paperwork Elimination Act | X | ||||||
| SEC 17a-4 | X | ||||||
| Sarbanes-Oxley 404 | X | ||||||
| Sarbanes-Oxley 409 | X | ||||||
| HIPAA | X | X | |||||
| DoD 5015.2 Rev 2 | X | ||||||
| Check 21 | X - banking | ||||||
| IRS Rev. Proc. 97-22 | X |
E-Discovery & Litigation Readiness
Email systems are the primary communications tools used by the majority of information workers and the most important data repository that organizations possess. Email is increasingly used to send, receive and store corporate records - basically any content that must be preserved for long periods of time because of statutory obligations, legal requirements or best practice.
However, most organizations are not storing critical email information adequately. They recycle their backup tapes on a quarterly or more frequent basis, while many organizations permit users to store critical business records on local message stores or other locations that are inaccessible to the organization at large.
Reflecting the above, the Federal Rules on Civil Procedure - the laws that govern court procedures for civil suits - changed on December 1, 2006. Effective immediately, both sides of the litigation will be required to turn over electronic evidence or prove why they cannot. Failure to produce requested documents has already lead to record fines and legal losses. It is critical that any organization faced with such a requirement be able to extract the required information quickly and with a minimum of disruption to the IT staff.
Our email solution (using SECCAS software) gives you the toolset to be "Litigation Ready". Answers that used to take days can be obtained in minutes.
The security, simplicity and effectiveness of the SECCAS solution make supervising, discovery and archiving of electronic communications achievable by all companies. With no hardware or software to install, SECCAS can be up and running in minutes.
http://cyber.law.harvard.edu/digitaldiscovery/digdisc_library_4.html
SEC 17a-4: Store Electronic Records on non-rewritable, non erasable format. Records retention; ability to capture, store and manage correspondence/communications regarding business transactions SEC 17a-4 affects financial services such as brokers, dealers, exchange members. Gives retention periods for securities, broker/dealer records; stipulates requirements if electronic record-keeping systems are used.
For more information:
http://www.law.uc.edu/CCL/34ActRls/rule17a-4.html
Sarbanes-Oxley 404: Monitoring of the process involved in producing and changing financial records. SOX 404 affects all publicly traded companies, public accounting firms, auditors, brokers, securities analysts. For public companies, provides requirements for audit committees, financial reporting, insider trading, executive loans, change disclosure and management assessment of controls.
For more information:
http://www.sarbanes-oxley.com
http://www.sec.gov/news/press/2002-128.htm
Sarbanes-Oxley 409: Disclose information on material changes in the financial condition or operations of the issuer on a rapid and current basis. SOX 409 affects all publicly traded companies, public accounting firms, auditors, brokers, securities analysts. For public companies, provides requirements for audit committees, financial reporting, insider trading, executive loans, change disclosure and management assessment of controls.
For more information:
http://www.sarbanes-oxley.com
http://www.sec.gov/news/press/2002-128.htm
HIPAA: protects "Individually identifiable health information" that is, any data identified by name, social security, address or birth data whether it is electronic, paper or oral. Also requires patient notification of privacy policies. HIPAA affects health plans including employer-sponsored health and all healthcare providers that transmit patient information electronically for claims, benefit eligibility, referral authorizations, etc. Security rule, effective April 21, 2005 requires best practices for assuring that electronic patient data is confidential, available as needed and maintained with integrity intact.
For more information:
http://www.hhs.gov/news/press/2002pres/hipaa.html
Check 21: The law facilitates check truncation by creating a new negotiable instrument called a substitute check, which would permit banks to truncate original checks, to process check information electronically, and to deliver substitute checks t banks that want to continue to receive paper checks. Check 21 affects banking institutions. The Law was signed on October 28, 2003 and became effective October 28, 2004. The law does not require banks to accept checks in electronic form nor does it require banks to use the new authority granted by the act to create substitute checks.
For more information:
http://www.federalreserve.gov/paymentsystems/truncation/default.htm
IRS Rev. Proc. 97-22: Provides guidance to taxpayers that maintain books and records by using an electronic storage system that either images their hardcopy (paper) books and records, or transfers their computerized books and records, to an electronic storage media. IRS Rev. Proc 97-22 affects Financial Services. An electronic storage system must ensure an accurate and complete transfer of the hardcopy or computerized books and records to an electronic storage media. The electronic storage system must also index, store, preserve, retrieve, and reproduce the electronically stored books and records.
For more information:
http://www.recapinc.com/irs_97-22.htm
Gramm-Leach Bliley Act: Requires financial services companies to implement safeguards for customers' current and legacy information. Gramm-Leach affects fiancial services such as brokers, dealer, exchange members. In essence, the act makes it illegal for a financial institution to share customer's "nonpublic personal information" with third parties unless the company first discloses its privacy policy to consumers and allows them to opt-out of that disclosure.
For more information:
http://www.senate.gov/~banking/conf/
hhttp://www.ftc.gov/privacy/glbact/
21 CFR 11: Defines the recommendations for managing audit trails, access control and electronic records retrieval. 21 CFR 11 affects healthcare and pharmaceutical companies. On February 20, 2003, the FDA released a new draft - Draft Guidance for Industry; Part 11, Electronic Records; Electronic Signatures - Scope and Application which changes the requirements for electronic records. It also withdraws many previous guidance documents on maintenance of records, e-copies of records, timestamps and validation.
For more information:
http://www.21cfrpart11.com
http://www.fda.gov/ora/compliance_ref/part11/
http://www.fda.gov/cber/gdlns/prt11elect.pdf
Department of Defense 5015.2, version 2: Defines the basic requirements based on operational, legislative and legal needs that must be met by records management application (RMA) products acquired by the Department of Defense (DoD) and its Components. DOD 5015.2 affects vendors of electronic records management software and document management products paired with RM software. Testing and certification program for software products.
Many government entities require Records Management software to comply with this standard. For a register of DoD certified products see: http://jitc.fhu.disa.mil/recmgt/
Government Paperwork Elimination Act: Requires federal agencies to accept electronic information and transactions. It also requires that they maintain electronic records. The Government Paperwork Elimination Act affects all Federal Agencies. This work must be completed by October 21, 2003.
For more information:
http://www.whitehouse.gov/omb/fedreg/gpea2.html
http://www.archives.gov/records_management/ ...