The term regulatory compliance is in the everyday vocabulary of many individuals responsible for designing, implementing, and managing Exchange email systems. A rush of legislation has come into effect recently, and companies both large and small are seeking ways to make their messaging systems comply with the new directives.
However, the various pieces of legislation don't define exactly how or when email needs to be retained. This is a boon for lawyers, who thrive on interpretation, but is less helpful for Exchange systems administrators who are looking for cost-effective, easy-to-implement solutions that keep them from falling foul of the law. In this article, I look at some of the main provisions in the most relevant pieces of compliance legislation and translate them as best I can into practical advice for Exchange system administrators.
Highlights from Key Legislation
Table 1 summarizes some key pieces of legislation that are likely to be of interest to Exchange systems administrators. Some of the main provisions in these pieces of legislation clearly identify areas that many Exchange administrators must address. Let's focus on two of the better-known directives mentioned in Table 1: the Sarbanes-Oxley Act of 2002 (SOX) and the Securities and Exchange Commission (SEC) Rule 240 Section 17a-4 directives. . . .

