U.S. Compliance & Regulations
Satish Kumar
New regulations and requirements for operational transparency represent key drivers for the adoption of information archiving solutions. These drivers affect organizations of all types and sizes across numerous geographies and industries. Below is a list of terms and definitions for the key regulations that impact many businesses and are drivers for their information archiving projects.
Overall Statute: Specifies minimum retention periods for all accounting records, work papers, communications, file attachments, and documents whether transmitted via email, instant messaging or other message modes.
Command Archive is a highly scalable archive compatible with different data formats and (email) platforms.
Section 302: CFOs and CEOs have to personally certify and be accountable for their firms' record retention policies and financial reports.
Command Archive is a bullet-proof archive and offers best-in-class infrastructure.
Sections 103(a) & 801(a): Companies have to maintain all documents, including electronic documents, that form the basis of an audit or review for seven years.
Command Archive offers both email & file archiving in a single repository; we do not store data offline.
Section 802: Possible fine of up to $1M or prison sentence of up to 20 years for any person who destroys, alters, mutilates or conceals any electronic document in an official investigation.
Command Archive offers ‘granular’ legal holds. We encrypt data at all times and we offer full audit trails.
Electronic Signatures Act
Applies to all organizations doing business electronically. Allows electronically created contracts to have the same force of law as paper contracts. It supersedes all state laws and provides a uniform method for conducting business electronically.
Command Archive offers best-in-class search performance regardless of archive size; we offer large export options.
FRCP Rules 26 to 35
Organizations must keep track of electronic records and be able to produce “ESI” as part of the eDiscovery process.
Command Archive data is searchable and retrievable at all times.
CFIP: Coordination of Federal Information Policy describes the role of the Director of the Office of Management and Budget with regard to record management policies.
CFR: The Code of Federal Regulations is the codification of the general and permanent rules and regulations published by the executive departments and agencies of the Federal Government of the USA.
ESI: Electronically stored information, which includes employee-generated content (emails, texts, social media, IM activity…), has to be archived for easy access.
FEHA: Fair Employment and Housing Act, which applies specifically to California.
FINRA: The FINRA (Financial Industry Regulatory Authority) was formed by the merger of the NASD and the NYSE’s regulation committee in 2007. It is a non-governmental organization that performs financial regulation of member brokerage firms and exchange markets.
FISMA: Federal Information Security Management Act defines guidelines around record management policies.
FRCP: The 2006 Federal Rules of Civil Procedure require all organizations to maintain complete archives of ESI that is readily accessible in the event of litigation.
GLBA: The Gramm-Leach-Bliley Act allowed commercial banks, investment banks, securities firms, and insurance companies to consolidate. GLB compliance is mandatory; there must be a policy in place to protect information from foreseeable threats to security and data integrity.
GRC: Governance, Risk Management, and Compliance is the umbrella term covering an organization’s approach across these three areas. Governance, risk and compliance are increasingly being integrated and aligned, to some extent, in order to avoid conflicts.
HIPAA: The Health Insurance Portability and Accountability Act maintains strict rules on retaining ESI. All healthcare organizations must take steps to simplify and standardize electronic data exchange, and protect the confidentiality and security of all electronic health data managed by the organization.
MDM: Master Data Management refers to infrastructure, tools and best practices for governance of official corporate records that may be scattered across diverse databases and other repositories.
NARA: The United States National Archives and Records Administration is an independent agency of the USA government charged with preserving and documenting historical records and with increasing public access to those documents.
NASD: The National Association of Securities Dealers was a self-regulatory organization of the securities industry responsible for the operation and regulation of the Nasdaq stock market and the over-the-counter market. The NASD merged with the NYSE’s regulation committee to form FINRA.
NYSE: The New York Stock Exchange provides a means for buyers and sellers to trade shares of stock in companies registered for public trading. Financial services are the most heavily regulated industry with regard to email archiving.
SEC: The Securities and Exchange Commission is a federal agency which holds primary responsibility for enforcing the federal securities laws and regulating the securities industry, the nation’s stock and options exchanges, and the electronic securities markets in the USA.
SOX (Sarbanes-Oxley Act 2002): All publicly traded companies are required to maintain emails for up to 5 years, and make them readily accessible for audits, investigations, or litigation. This was enacted as a reaction to a number of major scandals: Enron, Tyco International, WorldCom, Adelphia and Peregrine.
USC: The United States Code is a compilation of the general and permanent federal law of the USA.