
Does SOX (under Section 404) mandate that we archive e-mail?

As a publicly traded company, does SOX (under Section 404) mandate that we archive e-mail? I know Section 802 requires it for public accounting firms. Also, the SEC rules require it of securities brokers and traders, but do we face the same regulations?

Section 404 of the Sarbanes-Oxley Act, and the regulations thereunder, do not specifically speak of retaining e-mail records. They call for internal controls over financial reporting. Those controls include the idea that records will be maintained to show such things as how assets were disposed of. Thus, the records contemplated under 404 can include certain e-mail records. (Read the regulations at https://www.sec.gov/rules/final/33-8238.htm.) But neither Section 404 nor the regulations say something like 'all e-mail must be retained for seven years.'

None of Mr. Wright's statements on SearchSecurity.com are legal advice for any particular situation. If you need legal advice, you should consult a lawyer.

This was last published in June 2004
