Page 482 - Handbook of Modern Telecommunications

Network Organization and Governance                                        4-13

TABLE 4.1.1  Important Regulations for Information Life-Cycle Management

SOX    Sarbanes-Oxley Act
HIPAA  Health Insurance Portability and Accountability Act
CALEA  Communications Assistance for Law Enforcement Act
GLBA   Gramm-Leach-Bliley Act
NASD   National Association of Securities Dealers
ETSI   European Telecommunications Standards Institute
PIPED  Canada’s Personal Information Protection and Electronic Documents Act
BASEL  Rewrites banking safety rules with a new focus on operational risks, such as
       losses from fraud, computer failure, and acts of negligence.

    cost and uncertainty of manual searching. Manual discovery is time consuming, expensive, and
    unreliable. Selecting the right technology framework allows a company to set up its control
    environment according to processes, cycles, accounts, etc., and provide the correct reporting
    requirements across all key criteria.
 •  Step 4: Educate your staff: Once you have solidified your new internal guidelines, take the time to
    walk your employees through the new process and provide a written overview of the internal
    controls and document retention policies. Hold a training session for your staff to educate employees
    and communicate the importance of everyone adhering to the regulations.

Table 4.1.1 summarizes the most important regulations that are relevant for life-cycle management
of documents. The list is not complete; many states and many countries have specific regulations that
are not listed.

SOX is the most general compliance challenge, representing requirements for honest business
conduct. Table 4.1.2 summarizes document-related technologies for SOX compliance support.

TABLE 4.1.2  Document-Related Technologies for SOX Compliance Support

SOX Section Number  Section Title and Expectations                     Document-Related Technologies
103                 Auditing, quality control, and independence        Document management
                    standards and rules                                Message archiving
104                 Inspections of registered public accounting firms  Document management
                                                                       Records management
                                                                       Message archiving
105                 Investigations and disciplinary proceedings        Document management
                                                                       Records management
                                                                       Message archiving
301                 Public company audit committees                    Message archiving
                                                                       CRM or compliant management software
302                 Corporate responsibility for financial reports     Financial reporting and disclosure
                                                                       Workflow BPM
404                 Management assessment of internal controls         Internal control and audit
                                                                       Workflow BPM
409                 Real-time issuer disclosures                       Financial reporting
                                                                       Workflow BPM
                                                                       Web content management
501                 Treatment of securities analysts by registered     Message archiving
                    securities associations and national securities
                    exchanges
801                 Corporate and criminal fraud accountability        Message archiving
802                 Criminal penalties for altering documents          Document management
                                                                       Records management
                                                                       Web content management
                                                                       Message archiving