The Sarbanes-Oxley Act of 2002 (SOX) and associated rules adopted by the Securities and Exchange Commission (SEC) require certain businesses to report on the effectiveness of their internal controls over financial reporting.  Companies that must comply with Sarbanes-Oxley include U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. U.S. companies with market value greater than $75million.

Companies should consult legal counsel and accounting professionals for specific advice. This includes federal, state and local laws and regulations, as it relates to SOX.  Internal controls covered by Sarbanes Oxley relates to email and document archiving.

Some things to consider when implementing a Sarbanes Oxley compliant archiving system:

• Policies should include email users taking ownership of sending selected e-mail messages to an archive mailbox. Certainly this depends on judgment calls and ongoing behavior of every staff person during a business day.

• Company management must commit to an ongoing investment in training, supervision, monitoring and enforcement of email and document archiving policies.

• Written policies do not necessarily  guarantee all relevant email messages are captured. So the firm could still face substantial risks and costs in the event of litigation, regulatory request or criminal subpoena (i.e. messages related to a customer, vendor or employee during a 1 year period).

• A more reliable strategy is to capture and archive all e-mail messages. This includes incoming and outgoing electronic communications. This approach provides better controls to insure relevant emails are captured and will help increase the confidence of internal and external auditors and regulators.

• Develop a record retention and archiving policy that includes e-mail, as well as other types of documents. The policy should address:

1. What should be saved
2. Retention periods
3. Archiving system capability for protection, security and accessibility.

Once you have achieved key interdepartmental consensus on policies, a company can move forward to with an archive system development methodology (SDM). The SDM will cover the over all solution, architecture, design and implementation plan.