Occasionally, I find a simple solution to a complex problem that works better than expected. Office of Foreign Assets Control (OFAC) compliance can be difficult. OFAC is the Treasury department responsible for, among other things, enforcing the PATRIOT Act and Terrorism Sanction Regulations regarding blocking financial transactions with suspected terrorists. Basically, OFAC requires you to compare your client list regularly to the published terrorist watch lists. If you find a match, you are required to stop doing business, freeze the money, and contact the Feds.
The hard part of OFAC compliance is matching your clients to the watch list. OFAC publishes a list on a regular basis, but the list is not exactly user-friendly. Complicating matters is the fact that the list contains lots of Mohammeds, Usamas, and John Smiths. Most names on the list also have dozens of aliases. Obviously, not everyone named Mohammed doing business with you is a terrorist, so how do you distinguish the good from the bad? (read more…)
In case you missed the news, today new Supreme Court rules went into effect regarding e-discovery. There were several good articles on the wires today: Yahoo; Washington Post; Investor’s Business Daily.
The problem with all these articles is that they don’t provide links to the actual rules published by the court. Since I have no life, I searched the Supreme Court’s website for the published rules. The new rules (http://www.supremecourtus.gov/orders/courtorders/frcv06p.pdf) were released by the Supremes last April. Based on my reading, there is both good and bad news in the rules with regard to e-discovery.
(Legal Disclaimer: I am not a lawyer; Do not rely upon my opinions; When in doubt hire a real lawyer and make sure he’s a good one; I am not responsible if you rely upon my analysis.) (read more…)
I wrote this paper last year on document retention & compliance with regard to e-mail systems. Sarbanes-Oxley section 802 has created a small nightmare for IT managers, and there is precious little information on what 802 really means. I wrote this paper as a guide for designing a system that would satisfy the worst-case scenario. SOX 802 carries big financial penalties as well as jail time for company officers. If you are an IT manager of a public company, this paper will serve as a good starting point. It is written with a vendor-neutral approach.
If you are looking for a compliance solution for e-mail, I highly recommend Hewlett-Packard’s RISS/RIM product suite. Symantec’s Enterprise Vault is also a good product, although in my experience it does not scale well beyond 1 data center. If you find this paper useful, drop me a comment and let me know how you are dealing with e-mail & SOX. «download here»