Sarbanes Oxley Email Retention

The Sarbanes-Oxley Act was created in 2002 in response to highly publicized court trials of large corporations who participated in fraudulent financial reporting and suspect business practices which included allegations of document altering and destruction during legal proceedings. The Sarbanes-Oxley Act, also known as SOX, is governed by the U.S. Securities and Exchange Commission (SEC) and enacts legislation that not only affects the financial side of corporations but also mandates rules for document retention and storage of electronic records including email. It is within Section 802 that the commission address document tampering, length of document retention and describes the types of documents that must be retained and the consequences of non compliance. Sarbanes Oxley email retention policy guidelines are stated in in Sec 802(a)(1) and 802(a)(2) . Record Tampering In Sec. 802(a) it states that whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States shall be fined under this title, imprisoned not more than 20 years, or both. This title is also cited as SEC 1102 as the ��Corporate Fraud Accountability Act of 2002��. 5 Year Records Retention Policy-Public Companies In Sec. 802(a)(1) it states that any accountant who conducting an audit of an issuer of securities shall maintain all audit or review work papers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded. Relevant Records In Sec. 802(a)(2) it describes relevant work papers as; documents that form the basis of an audit or review, memoranda, correspondence, communications, other documents, and records, including electronic records (email), which are created, sent, or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review. It also warns that whoever knowingly and willfully violates subsection (a)(1),or any rule or regulation promulgated by the Securities and Exchange Commission under subsection (a)(2), shall be fined under this title, imprisoned not more than 10 years, or both. Retaliation Against Informants In Section 1513 of title 18, The United States Code is amended by adding at the end the following: ��(e) Whoever knowingly, with the intent to retaliate, takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense, shall be fined under this title or imprisoned not more than 10 years, or both��. Corporate Responsibility In Section 302 It states that the Officers of a public company must have designed internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities and personally attest to the accuracy of their company�s financial statements contained in periodic reports. This section requires a company to attest that reported financial information is reliable and has record of proof which can be included in email. Orca� eMail Archiver help companies meet regulatory compliance by providing a reliable capture and audit trail of all email messages and a way to quickly search and retrieve them when needed. The Orca� eMail Archiver stores and encrypts all email messages for safe and secure email archiving meeting or exceeding your industry�s regulatory retention policies. The rules of Sarbanes-Oxley may well pertain to anyone doing business today, protecting corporations and consumers from unethical business practice and breach of security. If you are a publicly traded company, obtain financial or personal customer information, or could be at risk for litigation, it is advisable to have a measure in place that can testify to the authenticity of a document and produce it in a timely manner in the case of an audit, investigation, litigation or other formal proceedings. With the wide use of email in business today it is crucial to implement a business policy that authenticates, stores, and manages all electronic records and communication for adequate business retention periods. For more information about email and electronic records retention regulations please see: External Resources External Resources will open in new browser window or tab. SEC Rules 17a-3 and 17a-4 Sarbanes-Oxley Act of 2002 Gramm-Leach-Bliley (GLB) Act FDA 21 CFR Part 11 Health Information Portability & Accountability Act (HIPAA) Related Resources Guidelines for FINRA, SEC 17a-4 (email compliance)

Gmail Account		Hexamail POP3 Reader

Install Hexamail POP3 downloader. This uses the POP3 reader module to allow POP and IMAP email to be downloaded. Configure a POP3 reader system account to login to gmail via IMAP. The server is imap.gmail.com, port 993 (use SSL). Login using your gmail address and password. Next go to the Advanced tab and select the IMAP folder [Gmail]/Chats. If you wish to save the chats as text files or email files then go to the POP3 Reader System account/Output page and choose a folder and format (MIME for email, Text for text files)

Gmail Account		Hexamail Vault

Install Hexamail Vault archiver. This uses the POP3 reader module to allow POP and IMAP email to be downloaded. Configure a POP3 reader system account to login to gmail via IMAP. The server is imap.gmail.com, port 993 (use SSL). Login using your gmail address and password. Next go to the Advanced tab and select the IMAP folder [Gmail]/Chats. If you wish to index the chats into a full text search engine use Hexamail Vault and in the Archiver choose SMTP email in the Source page.