What a Company Needs to Think about to Become Compliant

Written by Carl Mazzanti
December 31, 2005
11:00 pm

What a Company Needs to Think about to Become Compliant

Federal Statutes

The Gramm-Leach-Bliley Act:
Requiring every business who accesses or uses a customer”s personal financial information to issue a privacy statement that notifies its customers “in clear and conspicuous language” on an annual basis how that information is collected and used and to comply with its stated privacy policy to protect the privacy of such information;

The Health Insurance Portability and Accountability Act:
Requiring every business who accesses or uses an individual”s protected health information to issue a privacy statement that notifies such individuals on an annual basis how that information is collected and used and to comply with its stated privacy policy to protect the privacy of such information;

The Sarbanes Oxley Act:
Requiring accountants who audit or review Financial Statements for a business to retain certain business records relating to that audit or review; and imposing criminal liability on any business that engages in document destruction, even nbso if such document destruction occurs before the business has any formal notice of an official proceeding, and without the necessity of proving a bad intent for the destruction, i.e., a “corrupt persuasion.”

Securities and Exchange Commission (SEC):
A 1997 amendment to the Securities and Exchange Commission (SEC) Act requires financial institutions to keep records of digital communications between broker/dealers and customers. Records must be stored on media that are not subject to change, are easily accessible for the first two years and retains unchanged for no fewer than six years.

What is required to be compliant?
Regulations today require a company”s top management to:

(a) Affirm their ultimate responsibility for the company”s internal financial controls in writing in their annual report;
(b) Provide an assessment of and attest to the effectiveness of those controls; and
(c) Obtain a separate report from a third-party auditor evaluating and validating management”s assessment of the company”s controls. To achieve this it will be critical to have controls, policies and procedures in place and documented.

What does this mean for business today?
Email is no longer a novelty to conduct business today for small or large, privately owned or publicly traded companies
Email is considered admissible as a business record in a court of law by way of defense against litigation

Carl Mazzanti

Carl Mazzanti is Co-Founder and President of eMazzanti Technologies, Microsoft’s four time Partner of the Year and one of the premier IT consulting services for businesses throughout the New York metropolitan area and internationally. Carl and his company manage over 400 active accounts ranging from professional services firms to high-end global retailers.

eMazzanti is all about delivering powerful, efficient outsourced IT services, such as computer network management and troubleshooting, managed print, PCI DSS compliance, green computing, mobile workforce technology, information security, cloud computing, and business continuity and disaster recovery.

Carl Mazzanti is also a frequent business conference speaker and technology talk show guest and contributor at Microsoft-focused events, including frequent prominent roles at the Microsoft Inspire (Worldwide Partner Conference / WPC).

Carl, a serial Entrepreneur, gives back to the community through Entrepreneur teaching engagements at Georgetown University, the company’s ocean wildlife conservation effort, the Blue Project, and Tree Mazzanti.