>> Unlike... um, anyone on this list, it seems... I know firsthand >> what SEC and NASD think of homegrown "compliance" solutions.
> That's why you pay someone else to do it and insist that they slap on a > fancy name like "Perfect Super Uber E-mail Compliance Archive System". If it's hosted in-house, it's easy to tell that it's homegrown (because the fact that it's in-house alone is often illegal). Really, I get the feeling you don't really know what passes muster and what doesn't, but you're frustrated that a big (biggish, they're really quite small in personnel) company like GlobalRelay might be getting some props. I know you're healthily skeptical of big shops hosting ostensibly premium software, because of your hosting business and boutique approach. But that doesn't let you blindly extend your dismissive brush to other lines of business. Some other people know much more about compliance, and they sure ain't using VBScript to do it. 10 hours? You must be smokin' that good-good! > ...no one should invest in something that doesn't meet regulations. Yeah! > I do have some experience with the feds, and I did work for a > multi-billion dollar corporation where my immediate boss was in > charge of E-mail for the entire company, and we were always being > sued by someone. Well, if you haven't been a primary participant in a compliance audit/investigation *specifically* of e-mail archives, you aren't speaking from experience. I have been part of several such processes. That experience is where I've always been coming from on this issue: I wouldn't raise a peep if I hadn't been much more intimately involved than anyone else here. > That was pre-SOX though, but we all knew it was coming and that it > mostly just clarified retention policies by better defining what was > classified as a covered communication. If everyone's best guesses were accurate, there wouldn't be million-dollar fines handed out for inadequate archiving. > I also have a good friend deals with bank audits on a regular basis > as well as SOX compliance. When audited, they will always point a > list of things out, and they can find fault with anything that they > choose to find fault with. The real trick is ensuring that you > aren't grossly negligent. The "real trick" is not trying to do compliance on the cheap, but understanding why it exists. Know your history. If one can't handle the budgetary heat of being in a regulated business, but one is a somewhat honest person, get out of the kitchen. On the other hand, if one is dishonest -- if one doesn't think late trading and market timing are as immoral as non-violent business gets, and if you don't think it's worth fighting for fair business practices, even if that means you make some sacrifices because of others' evils -- do everyone a favor and just walk off a cliff. > Also note that congress didn't even specify retention periods within > SOX or methods of retention, this was all inferred after the fact by > combining aspects of various laws and regulations, and they > certainly didn't endorse a particular product for providing a > solution. Yeah, that's why my involvement in ACTUAL audits -- the law as applied -- is what I draw on in my responses. > With all of that said, I believe that what one does should be > compatible with the dynamics of one's business. For a single > location entity with less than 200 employees, clearly a less robust > solution could manage the task, and it could be home grown. You seem to think that # of locations or # of employees is relevant. That's a joke! Look at the mutual fund scandals of a couple of a few years ago, which led to many e-mail audits. Do you understand how many single locations with < 50 heads were involved? Didn't think so. And have you pieced together why late trading was worth every penny spent on its investigation and prosecution, and subsequent tighter regulation? Here's one way of looking at it: Ever see the show "Early Edition"? Now, imagine if the everyday hero if that show had instead been the Eye of Sauron. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
