Rackspace Archiving Compliance Overview



Similar documents
MASSIVE NETWORKS Online Backup Compliance Guidelines Sarbanes-Oxley (SOX) SOX Requirements... 2

retained in a form that accurately reflects the information in the contract or other record,

Archiving for the Financial Industry

Regulatory Compliance: How Digital Data Protection Helps

Archiving Benefits

HP StorageWorks Reference Information Storage System Designed to Assist Financial Services Organizations Comply with Retention Requirements

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES CFR Part 11 Compliance PLA 2.1

Compliance Matrix for 21 CFR Part 11: Electronic Records

SPOTLIGHT ON. Advisors Recordkeeping Obligations

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

10 Steps to Establishing an Effective Retention Policy

39C-1 Records Management Program 39C-3

Implementation of 21CFR11 Features in Micromeritics Software Software ID

savvisdirect White Papers

The ComplianceVault Archiving & Retrieval Appliance and the SEC a-4 Requirements

How to build a compliant storage infrastructure

Management: A Guide For Harvard Administrators

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

787 Wye Road, Akron, Ohio P F

RECORDS RETENTION AND SECURITY REGULATIONS THINK ABOUT IT!

Best Practices Series Document Retention and Best Practices

Best Practices in Identity and Access Management (I&AM) for Regulatory Compliance. RSA Security and Accenture February 26, :00 AM

EMC White Paper EMC Xtender Provides Records Management for Microsoft Exchange Server 2003

SUTLEJ TEXTILES AND INDUSTRIES LIMITED DOCUMENT PRESERVATION AND RETENTION POLICY

rsdm and 21 CFR Part 11

Gramm Leach Bliley Act. GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 7/1/2007

How To Get A Whistleblower Pass On A Corporation

ELECTRONIC RECORD AND SIGNATURE COMPLIANCE. NASD Rules 3010(d) and 3110(c)(1)(C) SEC Rule 17a-4 15 USC 7001 et. seq. (E-SIGN)

Electronic Document and Record Compliance for the Life Sciences

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Union County. Electronic Records and Document Imaging Policy

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

Addressing SOX compliance with XaitPorter. Version 1.0 Sept. 2014

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures

21 CFR Part 11 Compliance Using STATISTICA

orldox GX3 Cloud for Financial Services Worldox GX3 Cloud Compliance Outline The Best of both Worlds. / Whenever. Wherever.

The Impact of 21 CFR Part 11 on Product Development

Page 1 Disclaimer: None of the provisions of this document constitute legal advice. If you need legal advice on the provisions of the laws listed,

Compliance and New Regulations Drive Demand for Information Archiving

The Paradox in Data Storage

WHITEPAPER. The Companion Guide to FINRA/SEC Social Networking Compliance

SolidWorks Enterprise PDM and FDA 21CFR Part 11

HIPAA Compliance and the Protection of Patient Health Information

DeltaV Capabilities for Electronic Records Management

Full Compliance Contents

Senate Bill No. 48 Committee on Health and Human Services

Broker-Dealer and Investment Adviser Compliance Programs

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

Why organizations need to archive

Compliance and Industry Regulations

HIPAA Compliance Guide

Reducing Sarbanes-Oxley Operational Risk. Using. A Document Management System

HIPAA Compliance: Are you prepared for the new regulatory changes?

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HIPAA Security Checklist

City of Minneapolis Policy for Enterprise Information Management

Compliance in the Corporate World

How To Preserve Records In A Financial Institution

HIPAA PRIVACY AND SECURITY AWARENESS

White Paper Achieving SOX Compliance through Security Information Management. White Paper / SOX

Security in Fax: Minimizing Breaches and Compliance Risks

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

InfinityQS SPC Quality System & FDA s 21 CFR Part 11 Requirements

Oracle WebCenter Content

AutoSave. Achieving Part 11 Compliance. A White Paper

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

HIPAA Security Rule Compliance

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Security Information Lifecycle

RECORD AND INFORMATION MANAGEMENT FRAMEWORK FOR ONTARIO SCHOOL BOARDS/AUTHORITIES

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention

Double-Take in a HIPAA Regulated Health Care Industry

The Legal Advantages of Retaining Information

HIPAA BUSINESS ASSOCIATE AGREEMENT

21 CFR Part 11 Electronic Records & Signatures

Archiving can prevent average business cost increases of

Plethware Premium Services

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C

DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS

Legal Aspects of Records Management

7Seven Things You Need to Know About Long-Term Document Storage and Compliance

HIPAA Information Security Overview

21 CFR Part 11 Implementation Spectrum ES

Cloud Service Contracts: An Issue of Trust

EnterpriseEdition. TEL: +36 (30) FAX: +36 (1)

How Archiving Supports HIPAA Compliance

DeltaV Capabilities for Electronic Records Management

EFFECT OF THE SARBANES-OXLEY ACT OF 2002

archiving, compliance, and ediscovery solution designed specifically for U.S. financial services companies.

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Compliance in the BioPharma Industry. White Paper v1.0

FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER

Veritas AdvisorMail. archiving, compliance, and ediscovery solution designed specifically for U.S. financial services companies

Transcription:

Rackspace Archiving Compliance Overview Freedom Information Act Sunshine Laws The federal government and nearly all state governments have established Open Records laws. The purpose of these laws is to provide a level of transparency to the activities of government agencies and officials to their citizens. There are no specific guidelines on how long emails must be retained. However, IT departments of these agencies must comply with the request for information which, in the absence of an email archiving solution, typically includes the laborious process of the restoration of backup tapes and the manual search across multiple mailboxes. In many cases, this search only produces a fraction of the emails pertaining to the request. Rackspace Archiving provides quick deployment of email archiving for all government agencies regardless of their email platform. With secure capture of all emails and full text indexing of emails/attachments, Freedom of Information requests are fulfilled with limited expenditure of IT resources. Federal Rules of Civil Procedure (FRCP) The U.S. Supreme Court has recently ratified changes to the Federal Rules of Civil Procedure (FRCP), which will take effect on December 1, 2006. These changes shift the rules of discovery in a legal proceeding from a focus on policies for electronic records retention, disposition, and preservation, to a focus on procedures that will streamline evidence presentation. Email and storage administrators need to answer key questions like: Where is the data in question? What actions were taken to preserve it? How can the data be searched and reproduced? Just what is the company s established data retention/deletion policy? Importance of METADATA Rackspace Archiving helps organizations comply with the Federal Rules of Civil Procedure as it pertains to email archiving by securely capturing, indexing and storing up to 9 copies of auditable email for easy retrieval through our search and discovery interface.

Open Meeting Laws Most local governments (County, City, Towns, and School Districts) have strict Open Meeting Laws. Join Letters, Conference Calls, and Emails usually entail deliberation and are subject to Open Meeting Laws. SEC 17A-4 and NASD 3010 The Securities Exchange Commission (SEC) originally enacted the Securities Exchange Act in 1934, as a means of protecting investors from fraudulent or misleading claims by securities dealers. The Act required member firms to create and maintain transaction records that could be reviewed and audited. In 1997, rule 17a-4 of the Act was amended to provide procedures for storage of electronic records, including emails. This rule has since been interpreted to include instant messages as well. NASD (National Association of Securities Dealers) applies similar rules to its member firms through NASD 3010. The provisions of SEC 17a-4 and NASD 3010 apply to all individuals and organizations involved in trading securities. This includes securities firms, stock brokerage firms, banks, and any financial institutions that fall under SEC or NASD jurisdiction. They require securities dealers to implement specific, enforceable retention procedures, which include the following: Archived messages must be stored in duplicate. One copy must be stored in an online archive, and a second copy must be stored offline on permanent, tamperproof media, such as Write-Once-Read-Many (WORM) technology. Storage media must be verified automatically for quality and accuracy. Rackspace provides storage for all archived email on WORM compliant storage. Archived messages must be date/time-stamped and serialized. Each message must be assigned a unique, sequential identification number as a safeguard against deletion. Rackspace guarantees we capture messages with their original integrity in tact (Message ID, body, attachments, etc.) Messages are differentiated by a unique identifier as a safeguard against deletion. A searchable index of all stored data must be maintained. Indexes must be retained on each unit of storage media for the messages and attachments stored on that unit. Rackspace indexes all message components: Header, Body and Attachments and stores these securely.

Messages and indexes must be easily retrievable and downloadable to other media as required by SEC regulators. Rackspace s Archiving service indexes all message components: Header, Body, and Attachments. All of these components are easily searchable through a secure web based user interface and retrievable to standards-based formats like.pst,.pdf, text, mime, etc. SEC Investment Advisers Act of 1940 The U.S. Securities and Exchange Commission (SEC) has recently imposed new regulations on private investment pools, also known as hedge funds. The U.S. Securities and Exchange Commission, in a three-to-two vote on Oct. 26, 2005 decided to require hedge fund managers with assets in excess of $25 million to register under the Investment Advisors Act of 1940. The regulation went into effect on Feb. 1, 2006.The ruling requires that most hedge fund advisers register with the SEC under the Investment Advisers Act of 1940, which includes provisions for securing, managing and archiving all electronic communication, including email and instant messages. The rules governing the retention of electronic documents are the same as SEC 17 a-4. Sarbanes-Oxley (SOX) The Sarbanes-Oxley Act of 2002 was enacted in the wake of several major corporate and accounting scandals. Its provisions affect email retention, integrity and oversight. Sarbanes-Oxley applies to all publicly traded companies and the CPA s and attorneys associated with these companies. Section 802 presents a possible fine of up to $1,000,000 dollars or a prison sentence of up to 20 years for any person who destroys, alters, mutilates, or conceals any electronic document in an official investigation. Sarbanes-Oxley specifies minimum retention periods for all accounting records, work papers, communications, file attachments, and documents whether transmitted via email, instant messaging or other message modes. Section 302 requires CFO s and CEO s to personally certify and be accountable for their firms record retention policies and financial reports. Section 404 requires auditors to certify the underlying controls and processes that are used to compile the financial results of a company. Email is a critical component in being able to achieve this certification.

Section 103(a) and 801(a) require companies to maintain all documents including electronic documents that form the basis of an audit or review for seven years. Rackspace Archiving assists companies in complying with the Sarbanes-Oxley Act as it pertains to email archiving by securely capturing, indexing and storing up to 9 copies of auditable email for easy retrieval through our search and discovery interface. HIPAA This law was passed in 1996 and took effect in 2001. All organizations and business which handle, maintain, store, or exchange private health or patient related-information, regardless of size, are subject to HIPAA. In addition to health care providers and insurers, this includes employers maintaining employee health records, life insurers, public health authorities, organ donation banks, pharmacies, long-term facilities, billing agencies and clearinghouses. Each instance of intentional unauthorized disclosure is punishable by fines up to $250,000 and possibly 10 years of jail time. Section 164.312 establishes safeguards for electronic storage and maintenance of individual health information. Organizations must ensure the confidentiality, integrity and availability of all protected electronic information it creates, receives or transmits. Mandates the use of security measures in 164.312(e), like encryption, to protect electronic health information from unauthorized access while being transmitted over electronic networks. In HIPAA section 164.312 the law establishes strict requirements regarding user access, authentication, and data protection. Section 164.308 requires covered entities to establish contingency plans for responding to emergencies which damage systems containing electronic protected health information. This includes the ability to maintain retrievable copies of electronic records and having disaster recovery plan to restore any loss of data. Section 164.312(b) establishes audit controls to determine when messages were delivered, manipulated or when administrators accessed the system. Rackspace Archiving helps organizations comply with the HIPAA regulation as it pertains to email archiving by securely capturing, indexing, and storing up to 9 encrypted copies of auditable email for easy retrieval through our search and discovery interface.

21 CFR Part 11 Pharmaceutical Companies: This legislation was enacted by The Food and Drug Administration (FDA) in 1997 and enforced beginning in 2000. It governs the use of electronic signatures and electronic records by pharmaceutical manufacturing companies. It aims to insure that electronic media provide the same level of data integrity as the paper-based storage and retrieval systems they are increasingly replacing. It mandates that: For electronic signatures to be considered the legal equivalent of handwritten signatures, they must be secure, unique, and verifiable. Electronic signatures generally consist of a user name and password, which are tied to a specific computer. For electronic records to be accepted by the FDA, they must provide an inclusive audit trail that is computer-generated, operatorindependent, time-stamped, and secure. The audit trail must preserve the total sequence of electronic events: record changes cannot overwrite previous information. From the time a file is created, all additions, deletions and changes must be saved in such a way that they can be retrieved and reviewed at a later time, and they must be traceable to the individuals who initiated them and who can be held responsible via their electronic signatures. Rackspace Archiving helps organizations comply with the 21 CFR Part 11 regulation as it pertains to email archiving by securely capturing, indexing, and storing up to 9 copies of auditable email for easy retrieval through our search and discovery interface. Gramm-Leach Bliley Act (GLBA) The GLBA was signed in 1999 and became fully effective on July 1, 2001. The law applies to banks, brokerage firms, tax preparation companies, insurance companies, consumer credit reporting agencies, and a wide variety of other financial services firms. Violations of the GLBA may result in a fine of up to $100,000 dollars and 5 years in jail. The primary focus of the GLBA is the protection of customer s personal financial information. Section 6801 - Regulated organizations must insure the security and confidentiality of custom records and information. In Section 6801 the law requires that access to all customer records be carefully controlled to prevent substantial harm or inconvenience to any customer. Any storage location that contains sensitive customer information must be protected by strong access control and secure passwords. In Section 6801 (b)(1) companies must ensure that email messages are kept secure and encrypted when being transmitted over a link.

Sensitive customer information must be protected in case of physical disaster or technological failure. Rackspace Archiving assists companies in complying with GLBA as it pertains to email archiving by securely capturing, indexing, and storing up to 9 copies of auditable email for easy retrieval through our search and discovery interface. Office of the Comptroller of the Currency Advisory Letter 2004-9 On June 14, 2004 the OCC Advisory sent out a letter highlighting issues regarding Electronic Record Keeping in light of the E-SIGN Act. 15 USC 7001. The purpose of this letter was to address key issues posed by electronic record keeping systems. The OCC Advisory letter stated that banks should implement an electronic record retention system to allow litigation, audits, bank supervision, and compliance with laws & regulations. Systems should also prevent external access by third parties, and provide back-up, internal controls, record destruction, and record retention. Rackspace Archiving assists companies in complying with OCC Advisory as it pertains to email archiving by securely capturing, indexing, and storing up to 9 copies of auditable email for easy retrieval through our search and discovery interface.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information