Corporate Compliance Regulations & Standards

August 27, 2008

More than 8,500 state and federal regulations concern records management in the United States. There are several more voluntary standards that can be adopted. Here is a sampling of some of the more common standards and regulations that concern document and records management.

The Sarbanes-Oxley Act of 2002

Also known simply as “Sarbanes Oxley” or “SOX,” the Sarbanes-Oxley Act of 2002 was passed in the wake of a number of corporate accounting scandals at companies like Enron and Arthur Andersen, which came to light after the year 2000.

Signed on July 30, 2002, the legislation’s goal is to create oversight at publicly traded companies and independent auditors so investors are not fooled by phony profits and revenue. Among the several results of Sarbanes-Oxley is the creation of an oversight board for accounting firms that audit publicly traded companies. It also stresses independence of auditors and financial analysts; addresses corporate responsibility at publicly traded companies; and protects whistleblowers.

At no point does the word “software” appear in the text of the Sarbanes-Oxley legislation. But in order to achieve the type of audit trails and records keeping required to be in compliance, most companies will use some type of content or records management software.

Section 404 of Sarbanes-Oxley is widely cited in the literature of software companies. It requires each annual report of a publicly traded company to contain an “internal control report”, which states the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and contains an assessment of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

Section 409 says that companies must disclose information on material changes in the financial condition or operations of the issuer on a rapid and current basis.

To read a summary of the entire Sarbanes-Oxley legislation, visit: http://www.aicpa.org/info/sarbanes_oxley_summary.htm.

To hear webinar on Sarbanes-Oxley legislation, visit:http://www.complianceonline.com/ecommerce/control/trainingFinder?category_id=30008

The Patriot Act

Maligned in some circles for what is perceived to be a pinching of civil liberties, H.R. 3162, better known as the USA Patriot Act, was signed in October of 2001, just over a month after the terrorist attacks of Sept. 11.

While much of the press coverage has gone to provisions in the bill that let law enforcement track what books people take from the library and the like, there are real business issues mentioned in the Patriot Act. And once again, businesses will turn to software in order to solve them.

The Patriot Act will have the most affect on companies in the financial services sector, which will have to comply with parts of the legislation that concern detecting and preventing money laundering that can be used to finance terrorism. Institutions need an automated process for continuous monitoring of accounts with detection filters and to check account holder names against watch lists and suspicious activity. They also need to track investigations in progress, and clear the names of those who have been investigated.

ISO 9000

ISO 9000 quality standards are implemented by more than 500,000 organizations in 160 countries. ISO 9000 is an international reference for quality management requirements in business-to-business dealings.

The ISO 9000 family examines what an organization does to fulfil the quality requirements of its customers and applicable regulatory requirements, while enhancing customer satisfaction, and achieving continual improvement of its performance in pursuit of these objectives.

ISO 9000 is a generic requirement, which means the same standards can be applied to any organization, large or small, whatever its product, even if the product is actually a service, in any sector of activity, and whether it is a business enterprise, a public administration, or a government department.

To hear webinar on ISO and Quality, visit: http://www.complianceonline.com/ecommerce/control/trainingFinder;jsessionid=BF212C0A5D84A8DDABE76CEACB43B217.jvm1?category_id=30004

ISO 15489

ISO 15489 focuses on the business principles behind records management and how organizations can establish a framework to enable a comprehensive records management programme. ISO 15489 is just a framework and is an optional standard that any organization can adopt.

The standard provides a common international language for organizations that record and file material, regardless of the medium or format; the size of the enterprise; the type of organization; or the level of technology used.

DoD 5015.2

The Department of Defense (DoD) 5015.2 standard defines the basic requirements based on operational, legislative, and legal needs that must be met by records management application (RMA) products acquired by the Department of Defense (DoD) and its components. It also defines requirements for RMA’s managing classified records. It has become the de facto standard for records management systems used by U.S. government agencies.

SEC, NASD and NYSE Regulations

In addition to Sarbanes-Oxley, SEC and non-government securities organizations have regulations in place that require strict record keeping by brokers, dealers, and financial services organizations.

Section 17(a) of the Securities Exchange Act of 1934, Rule 17a-4 of the Exchange Act, NYSE Rule 440, and NASD Rule 3110 require the preservation for three years, and preservation in an accessible place for two years, electronic communications relating to the business of the firm, including interoffice memoranda and communications. That includes e-mail and relevant instant-message correspondence.

For more information, see http://www.law.uc.edu/CCL/34ActRls/rule17a-4.html#top.

To hear webinar on SEC and Quality, visit: http://www.complianceonline.com/ecommerce/control/trainingFinder?category_id=30002

HIPAA

The Health Information Portability and Accountability Act (HIPAA) aims to protect personal information about consumer health records. Congress enacted HIPAA in response to the growing use of the Internet and electronic transactions. HIPAA is a privacy law to protect consumers from having their personal health information exploited by insurance companies, employers, and anyone else who may try to exploit, disclose, or publish their personal health information.

For more information, see: http://www.intranetjournal.com/articles/200211/ij_11_29_02a.html

To hear webinar on SEC and Quality, visit: http://www.complianceonline.com/ecommerce/control/trainingFinder?category_id=30007

Federal Information Security Management Act of 2002 (FISMA)

FISMA requires government agencies to provide a framework for for enhancing the effectiveness of information security in the federal government. The head of each federal agency must provide security measures commensurate with the risk and magnitude of the harm caused by potential security breaches, such as unauthorized use, access, disclosure, disruption, modification or destruction of information management systems.

For a more detailed explanation of FISMA, see:
http://www.chips.navy.mil/archives/04_winter/PDF/FISMA.pdf. (PDF file; reader required.)

Source:Intranet Journal


New edition of ISO 9001 expected in October-November 2008

June 20, 2008

A new edition of ISO 9001, the world’s most widely used quality management system standard, is being submitted for voting as a Final Draft International Standard and, subject to formal approval by the ISO membership, the publication of the revised version should be in the October-November 2008 time frame.

The proposed ISO 9001:2008 does not introduce additional requirements compared to the last edition in 2000 and does not change the intent of ISO 9001:2000.

Some Numbers

It is estimated that over one million ISO 9001 certificates have been issued to organizations in private and public sectors, in manufacturing and services, and in 170 countries.

History

ISO 9001:2008 will be the fourth edition of the standard which was first published in 1987. The third edition, published in 2000, represented a thorough revision, including new requirements and a sharpened customer focus, reflecting developments in quality management and experience gained since the publication of the initial version.

ISO 9001 is one of 17 standards (plus a corrigendum) developed by ISO/TC 176 on quality management supporting tools. These include ISO 9004:2000, Quality management systems – Guidelines for performance improvements, which is undergoing revision and expected to be published as a new edition in 2009.

Source: ISO

You can also view and learn online webinar from ComplianceOnline