White Paper: "Compliance is Top Concern"
More: Amendment to the Civil Rules of Federal Procedure (FRCP)
In order for companies to stay in compliance with all of the recent industry-specific regulations, they need to make sure that their document management strategies are in order.
The following is a list of some of the most recent regulations and how they will impact your company’s document management strategy. This is just a summary, however; if you are worried that your company is not in compliance, at the very least you should look into each regulation more closely using the links provided. Non-compliance is a serious issue and could result in legal action against your company. According to Forrester Research, the SEC fined five Wall Street brokerages $8.25 million for improperly storing e-mail communications.
Leading Compliance Standards, Laws, and Regulations

| Item | Definition | Affects | Highlight | More Info/Comments |
|---|---|---|---|---|
| SEC 17a-4 | Store electronic records in a non-rewritable, non-erasable format. Records retention; ability to capture, store and manage correspondence/communications regarding business transactions | Financial services such as brokers, dealers, exchange members | Gives retention periods for securities broker/dealer records; stipulates requirements if electronic record-keeping systems are used | Does not make technology use mandatory; mentions imaging but does not stipulate it as the only usable technology |
| Sarbanes-Oxley 404 | Monitoring of the process involved in producing and changing financial records | All publicly traded companies, public accounting firms, auditors, brokers, securities analysts | For public companies, provides requirements for audit committees, financial reporting, insider trading, executive loans, change disclosure and management's assessment of controls | Final rules for particular sections emerging, for example, Section 404 now requires assessment of financial controls rather than internal controls; Deadlines extended to 2004 for large companies, 2005 for small companies. |
| Sarbanes-Oxley 409 | Disclose information on material changes in the financial condition or operations of the issuer on a rapid and current basis | All publicly traded companies, public accounting firms, auditors, brokers, securities analysts | "Same as Sarbanes-Oxley 404" | Library services on content with the ability to track changes |
| HIPAA | Protects "individually identifiable health information," that is, any data identified by name, social security, address or birth date, whether it is electronic, paper or oral. Also requires patient notification of privacy policies. | Health plans, including employer-sponsored health and all healthcare providers that transmit patient information electronically for claims, benefit eligibility, referral authorizations, etc. | Security rule, effective April 21, 2005, requires best practices for assuring that electronic patient data is confidential, available as needed and maintained with integrity intact. | More information |
| Check 21 | The law facilitates check truncation by creating a new negotiable instrument called a substitute check, which would permit banks to truncate original checks, to process check information electronically, and to deliver substitute checks to banks that want to continue receiving paper checks. | Banking Institutions | The Law was signed into law on October 28, 2003, and will become effective on October 28, 2004. The law does not require banks to accept checks in electronic form nor does it require banks to use the new authority granted by the act to create substitute checks. | More information |
| IRS Rev. Proc. 97-22 | Provides guidance to taxpayers that maintain books and records by using an electronic storage system that either images their hardcopy (paper) books and records, or transfers their computerized books and records, to an electronic storage media. | Financial Services | An electronic storage system must ensure an accurate and complete transfer of the hardcopy or computerized books and records to an electronic storage media. The electronic storage system must also index, store, preserve, retrieve, and reproduce the electronically stored books and records. | More Information |
| Gramm-Leach Bliley Act | Requires financial services companies to implement safeguards for customers' current and legacy information. | Financial services such as brokers, dealers, exchange members | In essence, the act makes it illegal for a financial institution to share customers' "nonpublic personal information" with third parties unless the company first discloses its privacy policy to consumers and allows them to opt-out of that disclosure. | More Information |
| 21 CFR 11 | Defines the recommendations for managing audit trails, access control and electronic records retrieval. | Healthcare and Pharmaceuticals | On February 20, 2003, the FDA released a new draft, "Draft Guidance for Industry; Part 11, Electronic Records; Electronic Signatures - Scope and Application," which changes the requirements for electronic records. It also withdraws many previous guidance documents on maintenance of records, e-copies of records, timestamps and validation. | More Information |
| Dept. of Defense 5015.2, version 2 | Defines the basic requirements based on operational, legislative and legal needs that must be met by records management application (RMA) products acquired by the Department of Defense (DoD) and its Components | Vendors of electronic records management software and document management products paired with RM software | Testing and certification program for software products | Many government entities require RM software to comply with this standard. For a register of DoD certified products, click here. |
| Government Paperwork Elimination Act | Requires federal agencies to accept electronic information and transactions. It also requires that they maintain electronic records | Federal Agencies | This work must be completed by October 21, 2003. | n/a |
| NASD 3010 & NYSE 342 | Requires member organizations to establish and maintain a system of supervision, demonstrate that their system is complete, evaluate it on a regular basis and ensure that it remains effective | Members of the National Assoc. of Securities Dealers (NASD) and New York Stock Exchange (NYSE) | Record-keeping requirements concerning e-mail communications | More Information |
ViewWise can help you become compliant!

* Sources used: Transform Magazine, AIIM EDoc Mag and DocumentIQ.