Compliance
Electronic communications, like email and now IM, are subject to an increasing number of industry and government regulations, and demonstrating compliance with the various rules and standards presents a key challenge for today's organization.
Instant Messaging for business communications, whether or not it's authorized, is widely considered a form of electronic communication and subject to all rules and standards applicable to email. That is, regulations (such as SEC 17a-4, NASD 3010, Sarbanes-Oxley, HIPAA, and Gramm-Leach-Bliley) now apply to Instant Messaging, both public IM (such as AOL, MSN, ICQ, and Yahoo!) and enterprise IM (such as Microsoft Live Communications Server and IBM Lotus Instant Messaging).
Failing to comply with these regulations is no longer an inconsequential slap on the wrist, but can result in significant financial and legal liabilities. Regulations for electronic communications that apply to Instant Messaging can be generally grouped into two categories:
Information Control, Retention and Review | Privacy Protection and Security
Information Control, Retention and Review: companies are required to control who can IM with whom (such as enforcing Chinese walls), to log and archive all IM, and to systematically review messages. These regulations include SEC 17a-4, NASD 3010, NASD 2711, NYSE Rules 440 and 342, Freedom of Information Act, and Sarbanes-Oxley.
- Control access to IM
  - Access control by user, group and domain
  - Flexible content and keyword filtering
  - Chinese walls between groups
  - Automatic screen name mapping
  - Authorized access to all public IM
- Log and archive all IM
  - Log both public and enterprise IM
  - Integrations with leading email archiving systems
  - Zero message loss architecture
- Review and audit IM
  - Robust web-based search and retrieval
  - Conversation annotation and escalation features
  - Reviewer and auditor roles with review quotas
  - IM compliance reporting
| REGULATION | REQUIREMENT | INDUSTRY |
|---|---|---|
| SEC 17a-3 and 17a-4 | Archive and review of electronic communications | FINANCIAL SERVICES |
| FDIC | Retention and review of all electronic communications | FDIC MEMBER BANKS and FINANCIAL INSTITUTIONS |
| NASD 3010 and 3110 | Retention and review policies for electronic communications | FINANCIAL SERVICES |
| NASD 2711 | Separation of broker-dealers from investment analysts | FINANCIAL SERVICES |
| NYSE Rule 440 | Retention of all order electronic communications | FINANCIAL SERVICES |
| FERC/NERC | Retention and review of all electronic communications | ENERGY COMPANIES |
| Sarbanes-Oxley | Availability of historical communications for audits and Chinese walls for analysts | PUBLICLY TRADED COMPANIES |
| Freedom of Information Act | Control and retention of all records | FEDERAL GOVERNMENT AGENCIES AND CONTRACTORS |
| 21CFR Part 11 | Retention and audit of "e-records" | LIFE SCIENCES and PHARMACEUTICALS |
| 5015.2STD | Retention and audit of messages | DEPARTMENT OF DEFENSE |
| Regulation FD | Control over external communications | PUBLICLY TRADED COMPANIES |
| Amended Federal Rules of Civil Procedure | Retention, disclosure, and producing of electronic messages (including IM and chat) | ALL ORGANIZATIONS THAT MAY BECOME INVOLVED IN LITIGATION IN A FEDERAL COURT |
Akonix Features For IM Compliance
- Logging and archiving all IM conversations
- Real-time monitoring of flagged messages
- Flexible web-based search and retrieval
- Multiple user roles for systematic audit of messages
- Annotation and email escalation of flagged or blocked messages
- Tracking for % of reviewed messages
- Ad hoc or scheduled compliance reports
- Access control to logs by group
- Flexible access control to enforce Chinese walls
- Informative reports on policy violations
Privacy Protection and Security: companies are required to protect sensitive information (such as consumer financial data) when using Instant Messaging. Regulations include HIPAA Privacy and Security, Gramm-Leach-Bliley, and California SB 1386.
Akonix delivers the industry-leading solution to allow companies to meet and demonstrate compliance with both categories of industry and government regulations on Instant Messaging. Combining Akonix L7 Enterprise with Akonix L7 Enforcer provides complete regulatory compliance to enterprises while allowing them to continue to realize the benefits of IM for business communications.
- Flexible content filtering
- Encrypted message log
- Access control by user, group and domain
- Internal message reflection
| REGULATION | REQUIREMENT | INDUSTRY |
|---|---|---|
| HIPAA | Protection of all patient health information | HEALTH-RELATED INDUSTRIES |
| Gramm-Leach-Bliley Act | Protection of customer information | ALL INDUSTRIES |
| California SB 1386 | Protection of personal information | ALL CALIFORNIA INDUSTRIES |
| EU Data Protection Act (EU) | Protection of personal information | ALL INDUSTRIES |
| PIPEDA (Canada) | Protection of personal information | ALL CANADIAN INDUSTRIES |
- Flexible keyword and pattern (such as SSN) filtering
- Message logs encrypted and protected
- Granular access control by user, group and domain
- Internal message reflection to keep data internal
- File transfer control by user and file type
- Informative reports on policy violations
