Karl,
If you want to buy the poster, you might try this link:
http://www.thinkgeek.com/homeoffice/posters/58fc/
BTW, I wasn't suggesting that you hijacked the thread, rather I and
others did from William Stillwell when he asked about E-mail archiving
that doesn't cost an arm and a leg.
Your point about keeping baby pictures is a valid one. Technically you
are not required to keep such things under SOX...only "business
communications" and more specifically, ones that pertain to the finances
and operation of the business, are covered. There are even solutions
that do filtering to determine if a message should or shouldn't be
archived, though being somewhat risk averse, and knowing that such
filtering isn't perfect, I would not recommend such a solution. At the
same time though, keeping unnecessary messages can be a detriment to a
company as these things can come out and burn you years in the future.
How many times have we heard side comments from Microsoft execs that
their competition or detractors used against them? Here's one such
example where a MS executive told others that he would be using a Mac if
he didn't work for Microsoft. Here's the blog that tries to explain
what he meant...
http://windowsvistablog.com/blogs/windowsvista/archive/2006/12/12/title.aspx
People are caught having affairs with others in the office, partying,
and other things that represent private comments. The fact is that none
of that stuff is required to be kept and it shouldn't be archived if one
can help it. The SEC doesn't care about such things and they are the
ones requiring retention, but having a massive stash of E-mail covering
anything and everything actually increases the possibility of needing to
spend money fulfilling a court order to produce such things. You can
likely blanket exclude certain classes of employees since they never
deal with anything the SEC is concerned with, and that is wise.
Retaining all such E-mails is another example of risk-aversion as well
as complication, but the retention itself should be approached with some
degree of risk-aversion as well.
Matt
IS - Systems Eng. (Karl Drugge) wrote:
Gotta love that picture.... Keeping it for my personal laptop background.
I'll agree with you 99%.. I hate lawyers with a passion, and excepting
the miniature French poodle and HR personnel, they are loathed beyond
all else.
But, in doing a risk assessment, factors like the possible cost of a
possible lawsuit is something that should be considered. A hospital
is a good example. Regardless of what the I.T. team is doing ( for
good or ill ), it's a good idea to get the advice of a legal
professional. Just one suit will offset the cost of hundreds of
consultations. It's not always possible, especially in the smaller
firms, to CYA in this fashion, but a sign off from above works just as
well.
As IT management, I stress that we offer the company technical
solutions. What we CAN do is very different in most cases, from what
we SHOULD do. The SHOULD do part comes from written company policy.
Written company policy needs impartial review, from as many
perspectives as possible. Medical/Legal/Financial records all have
different retention requirements. This includes emails which pertain
to these records ( or even have them imbedded ). So, how do you handle
your archives then ? Keeping ALL the emails will get you fried if you
have expunged records in your archives ( if you're an attorney ). Who
sorts these emails for relevant information to determine if they even
should be stored ? SOX doesn't require I keep emailed pictures of my 5
year old niece's B'day party.. So do you check each one individually ?!
Yargh ! Leave it up to the end users ? Oh boy...
So, why do ( or don't ) you have these records ? Company policy will
be the only thing that keeps you as the email admin from getting
thrown under the bus. Easy, company policy dictates it. You're off the
hook. Remember, when the witch hunt ends, you don't want to be the one
wearing the pointy hat.
Apologies for the hijacked thread...
Karl Drugge
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, December 18, 2006 2:36 PM
To: [email protected]
Subject: Re: [Declude.JunkMail] OT: "Message" Storage
Karl,
The problem is assuming that keeping it 'legal' involves lawyers for
instance. The Sarbanes-Oxley Act of 2002 was enacted by Congress and
the responsibility for clarifying the law into workable practices was
assigned to PCAOB (The Public Company Accounting Oversight Board,
created by Sarbanes-Oxley), and signed off on by the SEC. It is the
responsibility of independent auditors to verify compliance and report
its findings to the board of directors, who are ultimately
responsible for the companies in question.
.
.
< Lots of good stuff >
.
.
.
Matt
IS - Systems Eng. (Karl Drugge) wrote:
True, I'm covered by different laws..
But in regards to keeping 'legal', in all senses of the word, especially
when you are discussing 'home grown' versus 'off the shelf' solutions,
it would be best to consult legal advisors before implementing anything.
If you aren't sure, get advice. If you are sure, get it in writing.
I was private sector long before I converted to government, and still
keep some of those clients. Most of my clients would much rather have a
lawyer's sign off, especially if it's going to help them avoid a lawsuit
later.
Karl Drugge
-----Original Message-----
From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On
Behalf Of Matt
Sent: Monday, December 18, 2006 12:48 PM
To: [email protected] <mailto:[email protected]>
Subject: Re: [Declude.JunkMail] OT: "Message" Storage
Karl,
We were specifically talking about SOX (Sarbanes-Oxley) compliance,
which has no legal applicability to your own needs. Your needs are
governed by Florida's "Government-in-the-Sunshine" laws which allow for
public inspection of most records.
Matt
IS - Systems Eng. (Karl Drugge) wrote:
EXACTLY why we have the city attorney and another legal specialist
helping to formulate our own new policy. Best to invest some real $$$
now, before we get sued for our ignorance ( and $$$$$$$$$$$$$$$$$$$$ )
later.
Karl Drugge
-----Original Message-----
From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On
Behalf Of
Sanford Whiteman
Sent: Sunday, December 17, 2006 1:46 PM
To: Matt
Subject: Re[2]: [Declude.JunkMail] OT: "Message" Storage
</snip>
In summary: you still don't know about e-mail archival for compliance
purposes.
Thanks for sharing.
--Sandy
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED] <mailto:[EMAIL
PROTECTED]>, and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.