Sarbanes-Oxley
It is rare to come across any discussion of email security
these days without reference to "Sarbanes-Oxley".
Wikipedia gives a typically thorough discussion of the
Sarbanes-Oxley act (
http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act)
so we can spare you that here.
The significance of Sarbanes-Oxley (or "Sox" as it is
affectionately known) is that it is a landmark piece of
(US) legislation that came about largely in response to
various corporate accounting scandals involving companies
such as Enron and Worldcom. Implicit in these scandals was
the falsification and/or destruction of digital information
including email. One of the objectives of the
Sarbanes-Oxley Act to was render such falsification more
difficult by making executive officers legally responsible
for proper "internal controls" on, amongst other things,
"information and Related Technology."
In fact, only a part of the Sarbanes-Oxley Act
relates specifically to digital data, and contrary to the
claims of some software manufacturers, there is no such
thing as a "Sarbanes-Oxley compliant" email system.
Furthermore, as US legislation, it applies only to US
companies and then only to those with public listings.
There are many other pieces of legislation enacted
worldwide with similar or overlapping objectives. For
example, in the UK the Data Protection Act.
MRX has been designed with a specific aim of securing email
data against tampering and other interference but without
compromising the privacy of individuals. As such, it would
help any company, large or small, to comply with the
requirements of national legislation relating to controls
on the storage and archiving of digital data. At the same
time, MRX reduces the risk of exposure to litigation
relating to employee rights.
.
