
Regulations
The following is a list of the leading compliance standards, laws and regulations affecting companies in the United States:
SEC 17a-4: Store electronic records in a non-rewritable, non-erasable format. Records retention; ability to capture, store and manage correspondence/communications regarding business transactions. SEC 17a-4 affects financial services such as brokers, dealers and exchange members. Gives retention periods for securities and broker/dealer records; stipulates requirements if electronic record-keeping systems are used.
For more information:
http://www.law.uc.edu/CCL/34ActRls/rule17a-4.html
Sarbanes-Oxley 404: Monitoring of the processes involved in producing and changing financial records. SOX 404 affects all publicly traded companies, public accounting firms, auditors, brokers and securities analysts. For public companies, it provides requirements for audit committees, financial reporting, insider trading, executive loans, change disclosure and management assessment of controls.
For more information:
http://www.sarbanes-oxley.com
http://www.sec.gov/news/press/2002-128.htm
Sarbanes-Oxley 409: Disclose information on material changes in the financial condition or operations of the issuer on a rapid and current basis. SOX 409 affects all publicly traded companies, public accounting firms, auditors, brokers and securities analysts. For public companies, it provides requirements for audit committees, financial reporting, insider trading, executive loans, change disclosure and management assessment of controls.
For more information:
http://www.sarbanes-oxley.com
http://www.sec.gov/news/press/2002-128.htm
HIPAA: Protects "individually identifiable health information", that is, any data identified by name, social security number, address or birth date, whether it is electronic, paper or oral. Also requires patient notification of privacy policies. HIPAA affects health plans, including employer-sponsored plans, and all healthcare providers that transmit patient information electronically for claims, benefit eligibility, referral authorizations, etc. The Security Rule, effective April 21, 2005, requires best practices for assuring that electronic patient data is kept confidential, available as needed and maintained with its integrity intact.
For more information:
http://www.hhs.gov/news/press/2002pres/hipaa.html
Check 21: The law facilitates check truncation by creating a new negotiable instrument called a substitute check, which permits banks to truncate original checks, to process check information electronically, and to deliver substitute checks to banks that want to continue to receive paper checks. Check 21 affects banking institutions. The law was signed on October 28, 2003 and became effective October 28, 2004. The law does not require banks to accept checks in electronic form, nor does it require banks to use the new authority granted by the act to create substitute checks.
For more information:
http://www.federalreserve.gov/paymentsystems/truncation/default.htm
IRS Rev. Proc. 97-22: Provides guidance to taxpayers that maintain books and records by using an electronic storage system that either images their hardcopy (paper) books and records, or transfers their computerized books and records, to electronic storage media. IRS Rev. Proc. 97-22 affects financial services. An electronic storage system must ensure an accurate and complete transfer of the hardcopy or computerized books and records to the electronic storage media. The electronic storage system must also index, store, preserve, retrieve and reproduce the electronically stored books and records.
For more information:
http://www.recapinc.com/irs_97-22.htm
Gramm-Leach-Bliley Act: Requires financial services companies to implement safeguards for customers' current and legacy information. Gramm-Leach-Bliley affects financial services such as brokers, dealers and exchange members. In essence, the act makes it illegal for a financial institution to share customers' "nonpublic personal information" with third parties unless the company first discloses its privacy policy to consumers and allows them to opt out of that disclosure.
For more information:
http://www.senate.gov/~banking/conf/
http://www.ftc.gov/privacy/glbact/
21 CFR 11: Defines the recommendations for managing audit trails, access control and electronic records retrieval. 21 CFR 11 affects healthcare and pharmaceutical companies. On February 20, 2003, the FDA released a new draft, "Draft Guidance for Industry; Part 11, Electronic Records; Electronic Signatures - Scope and Application", which changes the requirements for electronic records. It also withdraws many previous guidance documents on maintenance of records, e-copies of records, timestamps and validation.
For more information:
http://www.21cfrpart11.com
http://www.fda.gov/ora/compliance_ref/part11/
http://www.fda.gov/cber/gdlns/prt11elect.pdf
Dept. of Defense 5015.2, version 2: Defines the basic requirements, based on operational, legislative and legal needs, that must be met by records management application (RMA) products acquired by the Department of Defense (DoD) and its Components. DoD 5015.2 affects vendors of electronic records management software and of document management products paired with RM software. It includes a testing and certification program for software products.
Many government entities require RM software to comply with this standard. For a register of DoD certified products see: http://jitc.fhu.disa.mil/recmgt/
Government Paperwork Elimination Act: Requires federal agencies to accept electronic information and transactions. It also requires that they maintain electronic records. The Government Paperwork Elimination Act affects federal agencies. This work must be completed by October 21, 2003.
For more information:
http://www.whitehouse.gov/omb/fedreg/gpea2.html
http://www.archives.gov/records_management/ ...
NASD 3010 & NYSE 342: Require member organizations to establish and maintain a system of supervision, demonstrate that their system is complete, evaluate it on a regular basis and ensure that it remains effective. NASD 3010 & NYSE 342 affect members of the National Association of Securities Dealers (NASD) and the New York Stock Exchange (NYSE). They also impose record-keeping requirements concerning email communications.
For more information:
http://www.sec.gov/news/press/2002-173.htm

