What are the SEC rules for email archiving?
What are the SEC rules for email archiving?
Feb 22nd
Investing in the stock market is a high stakes gamble, with one swing either way making or breaking an investment firm or investor – as many have painfully learned during the past two recession-marred years. And, because of what’s at stake, the U.S. Securities and Exchange Commission was created out of the Securities Exchange Act of 1934 to regulate the industry, which at the time was decimated by the Great Depression.
As the financial industry has changed, along with the means for conducting business within it, so too have compliance regulations. One of the more recent, and most significant, rule changes is the inclusion of email archiving mandates.
According to the SEC, requirements for the retention and archiving of electronic communications was made effective by Rule 17a-4, enacted on May 12, 2003. Looking back, the rule was necessary at the time, as a Cohasset Associates survey published in April 2003 revealed that 53 percent of financial organizations did not include electronic records, including email, in their records management program. And 39 percent said they did not have an email retention policy.
That was all forced to change once the law’s rule change was put into effect. Still, financial companies can use a refresher on regulatory mandates every so often.
What must be archived?
According to the SEC, broker-dealers may preserve records from “electronic storage media,” as many now deal in such communications anyway. Rule 17a-4 of the Exchange Act, defines the term as “any digital storage medium or system,” which includes email.
In terms of material that must be stored, financial institutions are required to retain a record of each securities transaction they administer, as defined in Rules 17a-3 and 17a-4. This includes any investments they broker, such as the buying and selling of stocks.
The retention of such transactions, information of which may be found in stored emails, is an integral part of the SEC’s ability to protect investors. These records can be used to audit compliance among financial institutions.
How must data be stored?
According to the law, electronic records must be archived in a non-rewritable and non-erasable manner. Records must also be easily accessible when stored. These mandates will ensure the stored document or email is the original and hasn’t been altered, and they can be retrieved in a timely manner.
Of course, this is easily accomplished through the use of an email archiving solution, which the SEC endorses for companies to the meet regulatory compliance.
“One method using such a system stores a specified expiry or retention period with each record or file system. The system blocks record deletion or alteration by any manner of intervention until the expiry is reached or the retention period has lapsed,” an interpretation of the SEC rule posted on the organization’s website states.
For how long must records be stored?
Here’s where a lot of financial institutions run into much confusion regarding their data archiving requirements. Even the aforementioned interpretation of rule changes refers only to a “specified time period.”
According to the SEC, in general, these can be any organization, association, person, group of persons or system that constitutes, maintains, or provides a market place or facility for bringing together purchasers and sellers of securities.
And, according to the SEC, archives must hold electronic data for six months with immediate access, and with non-immediate access for a period of at least two years. Following the specified time period, data may be deleted without regulatory repercussions.
Should you install Windows 7 Service Pack 1
Last week, Microsoft released Service Pack 1 for Windows 7 and Windows Server 2008 R2. I’ve been monitoring the release in online forums and via individual reports since then. I’ve also talked, unofficially, with some people who have access to Microsoft’s customer support database.
At that time, I noted that this “looks like a successful rollout.” Everything I’ve seen since then suggests that there are no widespread issues with Service Pack 1. Microsoft representatives who have looked into the release have also confirmed for me that they are not seeing any indication of significant issues with the update on Windows 7.
That doesn’t mean 100% of installations will be trouble-free. SP1 doesn’t add any new features, but it is a major update. Given the complexity of the PC ecosystem, it’s inevitable that there will be some hiccups in the process. For example, one reader pointed me to this lengthy thread on Microsoft’s TechNet forums, which highlights a troublesome issue that arises when all language packs are installed on Windows 7 Ultimate or Enterprise. If that describes your setup, I strongly recommend reading this thread before starting an SP1 update.
Fortunately, that type of error seems to be extremely rare. The more common (and still rare) outcome is an SP1 installation that fails to complete, leaving the system unchanged and still usable. This happened to one of my readers, who noted that she received error 0×800f0826 at the end of the installation process. A quick search of the TechNet forums finds other reports of this specific error, which has been associated with Vista service packs as well. This error reportedly occurs on some systems where the third-party DriverSweeper utility has been used. If you encounter this issue you might be able to fix it by running the System Update Readiness Tool and then reattempting the SP1 installation. According to Microsoft, this tool is automatically offered to machines where the Service Pack installer detects inconsistencies such as store corruption.
Should you avoid Service Pack 1? That’s certainly the most conservative approach. Given that SP1 is primarily a rollup of previously issued updates and hotfixes, there’s no compelling reason to install it today. If you’re cautious, feel free to wait a little longer. For network administrators who want to continue testing before deploying SP1, use the official SP1 Blocker toolkit from Microsoft to prevent SP1 from being delivered through Windows Update. (Note that this toolkit blocks the SP1 files from being offered through Windows Update until February 22, 2012. It does not prevent the installation of the service pack from CD/DVD, or from the stand-alone download package.)
If you decide to press ahead with an SP1 installation, some basic precautions are in order, the same ones you should use with any important upgrade:
- Create a manual System Restore point first. That gives you the option to roll back to the current configuration in the event of a problem. (Click Start and type restore point in the search box to see the Create a restore point option.)
- Perform a manual image backup of your system drive before starting the SP1 install. Every version of Windows 7 offers the option to create a system image that can be saved on an external hard drive and restored from a repair disk. The process is quick and easy, and it provides a foolproof recovery option even from a worst-case failure. To create a backup image, type backup in the Start menu search box and use the Backup and Restore utility.
In the event you do encounter an SP1 installation issue, you can find excellent support resources at Microsoft’s TechNet forums. That should be your first stop if you need help with any SP1 issue.
If you have other reports to share, please feel free to leave them in the TalkBack section or use the comment link to send them to me via email. I’m continuing to monitor these reports.
Microsoft OS lifecycle
In an ideal world, old versions of Windows would roll off Microsoft’s list of supported products and be replaced by new ones at regular, predicable intervals. That upgrade cycle has been anything but smooth and predictable in recent years, however. Microsoft’s support policy is still returning to normal after XP was allowed to live well past its normal retirement date and then got multiple extensions to placate customers who just said no to Vista.
Microsoft product lifecycle policy is actually quite coherent and easy to understand, at least on paper.
Microsoft has a well-documented support lifecycle for its software products. It’s part of the agreement that the company makes with everyone who installs Windows, especially business customers who want some assurance that they’ll be able to get updates and support for operating systems and applications even if they choose not to upgrade to the latest and greatest.
Now that Windows 7 is firmly entrenched in the marketplace, I’m starting to get questions about its life span (and it doesn’t help when high-profile web sites and bloggers get the facts dead wrong, as they did last month with the bogus “XP in 2020″ story). To help clear the air, I’ve put together a chart listing all of Microsoft’s supported operating systems. The calculations start with the general availability (GA) date for each product. Consumer operating systems are supported for five years after their GA date, and business OSes are supported for 10 years (with the last five years classed as “extended support”). The official date of retirement for support is the second Tuesday in the first month of the quarter following that anniversary (which also happens to be Patch Tuesday), which means each support cycle typically gets a few weeks or months of extra support tacked on at the end.
For Windows 7, you can do the math yourself. The GA date for all Windows 7 editions was October 22, 2009. Five years after that date is October 22, 2014. The next calendar quarter begins in January, 2015, and the second Tuesday of that month is January 13. So, that’s when mainstream support is scheduled to end. Extended support for business editions goes an extra five years, until January 14, 2020 (the second Tuesday of the month).
For Windows XP, however, those calculations don’t work, because Microsoft has extended XP’s life artificially. To find XP’s end-of-support date, you should use the Microsoft Product Lifecycle Search page to get the official answer. Enter the name of the OS and click Search, and you get back a table that shows the general availability date, the retirement dates for mainstream and extended support, and retirement dates for service packs, which are governed by a separate set of rules.
Here’s the set of search results for Windows XP:
The one date that matters most on this chart is the one I’ve circled in red—April 8, 2014.
Service Packs 1 and 1a were retired back in 2006. Service Pack 2 rode off into the sunset last month, on July 13. And Service Pack 3 will be retired along with all editions of Windows XP on Patch Tuesday, April 8, 2014.
By that time, Windows 8 will probably be well past its first birthday, and Microsoft will (at least for a short time) be supporting four separate Windows versions. Here’s a table that summarizes the support policy for all of the current Windows desktop versions:
Maximizing UPS Availability
Uninterruptible power systems (UPSs) play a vital role in ensuring IT reliability. As a result, their reliability is a crucial consideration too. Any time a UPS fails, mission-critical electrical loads are potentially at risk.
What, then, can organizations do to optimize UPS availability? As this white paper shows, the conventional answers to that question are often not the best ones. UPS reliability is ultimately less a function of UPS design such as the differences between line-interactive and double-conversion products than of overall power system design. In the end, the surest way to increase UPS availability is to focus on minimizing repair time and maximizing redundancy, both inside your UPSs and across your power protection scheme as a whole.
In addition, this white paper also explains why, contrary to popular belief, modular UPS designs provide superior availability even though they typically contain more parts that could potentially fail.