RE: Re: SOX whistleblowers' clause Compliance

["Aditya Deshmukh" <aditya.deshmukh () online gateway strangled net>]

See below marc email part

> > Aditya Deshmukh [aditya.deshmukh () online gateway strangled net] wrote:
> >
> > If you read the last line in para 6 you will find that anon 
> > mailbox is
> > a requirement for SOX compliance. 
> >
> > > And mailbox was ment for email Michael :)
> >
> > > But I think that "with a post and some concrete" mailbox 
> > will be Indeed
> > be far more secure..... 

> From: Madison, Marc [mailto:mmadison () fnni com] 
> IANAL, But IMO use an Intranet web page that allows employees 
> to submit
> anonymous html post to the web server via html.  Now if your security
> policy is pervasive then surely auditing is enabled on all 
> your systems,
> thus removing any anonymity this would have provided.  Have you
> considered, dare I say, outsourcing?  I only say this since 
> part of the
> requirement calls for the company to provide sufficient anonymity to
> individuals reporting issues.  By the way the SOX whistleblowers
> requirements have already been challenged in court so there might be
> precedence on what is sufficient.

You must be a mind reader - you just read my mind. And google search shows 
Some email providers giving out this service for about US$ 89.99.

Maybe that is the best solution after all... 

You don't break your security policy and the auditors are also happy.


________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/