SOX does not say "Thou shalt keep all email for X days/months/years".
It says "Thou shalt have a retention policy and shall abide by it".

Bottom line - let the lawyers set the policy. Your job is really only to enforce it with the appropriate technology.

Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com

-----Original Message-----
From: John Aldrich [mailto:[email protected]]
Sent: Tuesday, September 21, 2010 10:19 AM
To: NT System Admin Issues
Subject: RE: Email retention

Wow! That's not long at all....

The reason I was asking about SOX requirements was that I thought we could "pretend" we were publicly traded and go by those rules. It wouldn't surprise me if Congress mandates SOX or something like it for *everyone* eventually, publicly traded companies or not.

I know that some of our sales managers have come to me after we've let a sales rep go and the sales rep has challenged the termination, and the manager wants anything I have sent to the sales rep regarding IT policies, etc. since I've been here (3 years now.) IANAL, but I do know that it's better to have a stated company policy on email retention than to have ad-hoc email retention on an individual basis.

Thanks,
John Aldrich
IT Manager, Blueridge Carpet
706-276-2001, Ext. 2233

From: Jeff Brown [mailto:[email protected]]
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email. Lawyers said 90. We keep everything 90 days.

On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link <[email protected]> wrote:

There is no standard, it's determined by business requirements and regulatory requirements for your industry. SOX rules are for publicly traded companies, so you're asking contradictory questions.

On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich <[email protected]> wrote:

What's the standard for email retention for companies which are NOT publicly traded? What are the SOX rules on email retention? I just helped one of our managers open some Outlook data files dating back to 2007 which got me thinking about the wisdom of retaining information that long and I wasn't sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager, Blueridge Carpet
706-276-2001, Ext. 2233

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
