SOX Compliant?

I currently have Wildfire set up and used by IT staff only now. I work for a company that has to be compliant with SOX and I’m wondering what I need to do to make sure I CYA?

Does SOX in respect to IM only pertain to backing up the logs if it’s used by someone in a financial department, or should I be backing them up even if it’s only being used for an IT dept? If anyone knows any good articles to read or can speak from experience that would be great.



The best thing to do is to run the question by your SOX compliance officer/person. I have found that compliance “requirements” tend to vary from company to company.

In our environment (not a financial institution), our IM service was not in scope at all for SOX compliance or auditing.


I’ll second this.

Sarbanes-Oxley really is about the integrity of financial statements. It doesn’t say much directly about IT systems. The strictures on IT systems come from how a given company determines that they will maintain compliance.

For instance, if you have a SOX key control that says “All internal company communications will be logged and retained for 30 days” then you’d better make sure that your Jabber implementation logs everything and retains it for the specified period.

But personally I think it’d be odd to make an IM system part of a SOX control.