September 29, 2006

E-Mail Retention & Sarbanes-Oxley White Paper

I wrote this paper last year on document retention & compliance with regard to e-mail systems. Sarbanes-Oxley section 802 has created a small nightmare for IT managers, and there is precious little information for what 802 really means. I wrote this paper as a guide for designing a system that would satisfy the worst case scenario. SOX 802 carries big financial penalties as well as jail time for company officers. If you are an IT manager of a public company, this paper will serve as a good starting point. It is written with a vendor-neutral approach.

If you are looking for a compliance solution for e-mail, I highly recommend Hewlett-Packard’s RISS/RIM product suite. Symantec’s Enterprise Vault is also a good product, although in my experience it does not scale well beyond 1 data center. If you find this paper useful, drop me a comment and let me know how you are dealing with e-mail & SOX.

«download here»



  1. Bayly said,

    October 9, 2006 @ 11:42 am

    I tried to download this PDF, but I get an error message – “Bad encrypt dictionary”?

  2. bill said,

    October 9, 2006 @ 11:50 am

    What version of Acrobat are you using? The file should open fine with the current reader. It is password protected against modification, so it may cause problems for 3rd party readers.


  3. edgeblog » Supreme Court Releases New E-Discovery Rules said,

    December 2, 2006 @ 1:35 am

    […] In case you missed the news, today new Supreme Court rules went into effect regarding e-discovery. There were several good articles on the wires today: Yahoo; Washington Post; Investor’s Business Daily. The problem with all these articles is that they don’t provide links to the actual rules published by the court. Since I have no life, I searched the Supreme Court’s website for the published rules. The new rules ( were released by the Supremes last April. Based on my reading, there is both good and bad news in the rules with regards to e-discovery[…]

  4. Alessio Aguirre said,

    February 12, 2009 @ 11:35 am

    Thank you, very helpful.

  5. Bill Ryan’s Other Blog » For the 10,000,000th time, Email isn’t private said,

    December 14, 2009 @ 12:15 pm

    […] Backup and storage are very cheap. Years ago, many companies would save money by getting rid of logs/records/emails older than X years; the opposite is the case now. Moreover, if you work at a publicly traded company, a private company that contracts with/for the government, or a government agency, there are probably laws requiring that all of those records are kept for a long time. That varies depending on the nature of the entity, but items like Section 802 of Sarbanes-Oxley have pretty strict requirements for email retention. […]

  6. Kieron Dowling said,

    July 5, 2010 @ 7:52 pm

    When it comes to compliance, Jatheon’s email archiving appliances meet email archiving compliance requirements including SEC, NASD, HIPAA, FRCP, and Sarbanes Oxley. It is available on the PnC2 and Dell platforms, and offers solutions for small, medium and large enterprise.
