Some enterprises have implemented the Exchange journaling feature to meet some of their regulatory compliance needs. Several well-known U.S. regulations have requirements that may rely on Exchange 2003 archiving/journaling technology.


These include the Sarbanes-Oxley Act, SEC Rule 17A-4, NASD 3110 and 3111, the Gramm-Leach-Bliley Act (GLBA) (Financial Institution Privacy Protection Act of 2001, Financial Institution Privacy Protection Act of 2003), the Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA), the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act), etc.

Read "Supporting Regulatory Compliance with Exchange Server 2003" to learn about the current regulatory environment and how Exchange can play a role.

The whitepaper states: "Numerous federal regulations affect businesses today. Financial services organizations now face rules and regulations established by the Securities and Exchange Commission (SEC) and National Association of Securities Dealers (NASD), which have long overseen the financial industry. The healthcare industry has rushed to meet the requirements of the HIPAA.

Other broad-reaching regulations, such as Gramm–Leach–Bliley (GLBA) and SOX, require businesses in other industries to focus on how they safeguard, disseminate, store, and track financial information. In fact, many states have enacted regulations that overlay federal regulations. Therefore, it is important that your organization complies with any applicable state, district, and industry laws as well as with the pertinent federal regulations.

Many of these regulations affect how, where, and how long organizations must maintain electronic records, including e-mail. Regulatory compliance is complex and should be overseen by legal counsel. The following regulations pertain to many organizations and present a simple overview of today’s regulatory environment.

Sarbanes–Oxley Act

The Sarbanes–Oxley Act requires that:

· Executives of publicly traded companies certify the validity of the company’s financial statements
· Financial control and risk mitigation processes be documented and verified by independent auditors
· Companies implement extensive policies, procedures, and tools to prevent fraudulent activities

SEC Rule 17A-4

SEC Rule 17A-4 requires that:

· Original copies of all communications, such as interoffice memoranda and communications, be preserved for a period of no less than three years, the first two in an easily accessible location
· Records be maintained, preserved, and available to be produced or reproduced using either micrographic media (such as microfilm or microfiche) or electronic storage media (any digital storage medium or system)

Gramm-Leach-Bliley Act

The Gramm–Leach–Bliley Act (Financial Institution Privacy Protection Act of 2001), amended in 2003 to enhance the protection of nonpublic personal information, requires that financial records be properly secured, safeguarded, and eventually disposed of in a manner that completely destroys the information so that it cannot be further accessed.

Healthcare Insurance Portability and Accountability Act of 1996

The Healthcare Insurance Portability and Accountability Act of 1996 requires that:

· Security standards be adopted to control who can access health information to provide audit trails for computerized record systems and to meet the needs and capabilities of small and rural health care providers
· Health data is isolated and inaccessible to unauthorized access
· Transmission of health information is physically, electronically, and administratively safeguarded to ensure the confidentiality of data"


Download the Exchange 2003 journaling whitepaper today and learn about the archiving features of Exchange and how they can assist your regulatory compliance objectives.