What are the Storage rqmts by law for employee emails, IM's, phone calls and faxes? How long back?

The laws that passed a few years back for Sarbanes Oxley and E-discovery require by law a company to store employee emails, IM's, phone calls and faxes for any legal issues that may arise.  The info I find does not clearly state how long this data must be stored and accessible when need to be searched upon.  I need this information to plan accordingly for a SAN.
jcs1977Asked:
Who is Participating?
 
b0lsc0ttConnect With a Mentor IT ManagerCommented:
I don't have a specific company to recommend.  You should probably find one that is in your region or locale anyways.  I would be cautious about some that will sell you services and products but aren't really getting you fully compliant.  This is something where the rule "buyer beware" is adviseable and ignorance is no excuse for failure to comply.  Just a word of caution though.  There are many companies that should be able to help with this.

If you want a general idea then try a search like http://www.google.com/search?num=100&hl=en&safe=off&q=sox+compliance&btnG=Search .  Looking at the sponsored links could be a good way to narrow down your choices.  Also adding your region or state would help.  Big (i.e. public) accounting/auditing firms should know these rules too and could help to point to reputable and good sources for IT related compliance.  Corporate law firms or companies would be another source.

I thought the info at http://articles.techrepublic.com.com/5100-22_11-5843010.html was good and helpful.  If you want some other interesting articles on this then see:

http://findarticles.com/p/articles/mi_m0BRZ/is_9_24/ai_n7072246
http://findarticles.com/p/articles/mi_m3495/is_10_50/ai_n15855256/
http://findarticles.com/p/articles/mi_m0BRZ/is_2_25/ai_n13798055
http://www.s-ox.com/feature/detail.cfm?articleID=580

There are lots of others.  I do hope these help.  Let me know if you have a question.

bol
0
 
jcs1977Author Commented:
why can no one answer this question and why does everywhere you go the law says you have to retain but no specifics????
0
 
b0lsc0ttIT ManagerCommented:
From what I have read on the law the period can be different in some cases and there are even some "grey" areas.  The general rule I have read and what I have heard the SEC, if it matters, uses is 7 years.  Let me know if you need more details.  There are actually companies and software made to help compliance with this and they would probably be a great resource for options and info if this act is one that will affect your company.

bol
0
 
jcs1977Author Commented:
More details would be good or point me towards a reputable company.  
0
 
b0lsc0ttIT ManagerCommented:
I'm glad I could help.  Thanks for the grade, the points and the fun question.

bol
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.