As a publicly traded company, does SOX (under Section 404) mandate that we archive e-mail? I know Section 802 requires it for public accounting firms. Also, the SEC rules require it of securities brokers and traders, but do we face the same regulations?

Section 404 of the Sarbanes-Oxley Act, and the regulations thereunder, do not specifically speak of retaining e-mail records. They call for internal controls over financial reporting. Those controls include the idea that records will be maintained to show such things as how assets were disposed of. Thus, the records contemplated under 404 can include certain e-mail records. (Read the regulations at https://www.sec.gov/rules/final/33-8238.htm). But neither Section 404 nor the regulations say something like 'all e-mail must be retained for seven years.'
None of Mr. Wright's statements on SearchSecurity.com are legal advice for any particular situation. If you need legal advice, you should consult a lawyer.