The Sarbanes-Oxley Act was passed in response to the Enron and World.com scandals. Energy giant, Enron, and WorldCom, a telecommunications company, misled their shareholders and the general public about their internal accounting and business practices. After being discovered, both companies filed for bankruptcy and collapsed, resulting in greater scrutiny of internal corporate communications and financial auditing.
The Securities and Exchange Commission (SEC) began heavily enforcing SOX after it passed in 2002. SOX and changing federal email regulations forced public companies, certain management and accounting firms, and privately held companies to adopt more stringent standards for how they manage and archive internal communications that may be useful to shareholders, to the public, and in any potential litigation matters.
To reach SOX compliance, companies have a critical set of responsibilities to follow. One of the most far-reaching responsibilities with particular relevance to MSPs, however, is the archiving requirement for different types of internal information and communications. Specific retention periods vary based on the information contained in certain files and communications. For example, the law specifically states that audit or review papers must be archived for five years.
The varying time spans for archived materials are designed to provide shareholders, the public, and regulators with as much transparency as possible. By maintaining well-organized archives of internal information and organizational communications, businesses can more easily comply with audits and oversight efforts and instill customer confidence in their operations.
How can email archive services help with SOX compliance?
For MSPs tasked with helping customers strive toward compliance with the SOX regulations, it is imperative they use the right tools to manage and archive relevant communications. Email archive services can help make this possible, empowering MSPs with a wide range of customers to effectively enforce respective email retention policies. Perhaps most importantly, these services make it easy for MSPs to help customers manage well-organized communications records required under SOX and the Federal Regulations on Civil Procedure.
These email security tools also offer specific functionalities that are helpful for MSPs and their customers working toward SOX compliance. For example, SOX prohibits the alteration, destruction, mutilation, concealment, or falsification of relevant information with the intent to obstruct transparency and effective oversight. If organizational information and communications are archived on-site, however, there’s always the chance someone within the company could access them and alter them in a way that would directly violate federal law.
Third-party email archive services allow customers to work with MSPs to store communications off-site. This simultaneously helps prevent anyone within the organization from tampering with sensitive information and can make data retrieval more efficient. Additionally, storing this information with a third-party, such as a trusted MSP that uses email security tools, can help assist with data availability during natural disasters or system failures mitigating widespread damage to a business. In this situation, offsite information can be protected and preserved while the affected organization gets back up and running.
Which email security tools should MSPs use?
MSPs working with multiple customers need email monitoring tools that can manage retention policies across a variety of organizations. These tools should fully integrate with primary email services such as Microsoft 365 and Gmail, in addition to delivering effective email security capabilities that help protect against known digital threats. With SolarWinds® Mail Assure, MSPs can help their customers work toward compliance with SOX and the Federal Regulations on Civil Procedure while also helping to prevent an array of cyberattacks typically carried out over email.
Mail Assure offers unlimited retention periods with encrypted archiving, helping ensure that internal communications are safeguarded from bad actors and data loss. On top of being completely customizable based on each customer’s retention needs, SolarWinds Mail Assure provides advanced threat protection for inbound and outbound email security, helping reduce phishing, spam, and malware attacks. With Mail Assure, MSPs have a powerful email security tool they can rely on.