LEADING COMPLIANCE STANDARDS, LAWS & REGULATIONS

| Item | Definition | Affects | Highlight | More Info/Comments |
|---|---|---|---|---|
| SEC 17a-4 | Store electronic records in a non-rewritable, non-erasable format. Records retention; ability to capture, store and manage correspondence/communications regarding business transactions | Financial services such as brokers, dealers, exchange members | Gives retention periods for securities broker/dealer records; stipulates requirements if electronic record-keeping systems are used | Does not make technology use mandatory; mentions imaging but does not stipulate it as the only usable technology |
| Sarbanes-Oxley 404 | Monitoring of the process involved in producing and changing financial records | All publicly traded companies, public accounting firms, auditors, brokers, securities analysts | For public companies, provides requirements for audit committees, financial reporting, insider trading, executive loans, change disclosure and management's assessment of controls | Final rules for particular sections emerging; for example, Section 404 now requires assessment of financial controls rather than internal controls. Deadlines extended to 2004 for large companies, 2005 for small companies. More information: http://www.sarbanes-oxley.com/ http://www.sec.gov/news/press/2002-128.htm |
| Sarbanes-Oxley 409 | Disclose information on material changes in the financial condition or operations of the issuer on a rapid and current basis | All publicly traded companies, public accounting firms, auditors, brokers, securities analysts | Same as Sarbanes-Oxley 404 | Library services on content with the ability to track changes. More information: http://www.sarbanes-oxley.com/ http://www.sec.gov/news/press/2002-128.htm |
| HIPAA | Protects "individually identifiable health information", that is, any data identified by name, Social Security number, address or birth date, whether it is electronic, paper or oral. Also requires patient notification of privacy policies. | Health plans, including employer-sponsored health plans, and all healthcare providers that transmit patient information electronically for claims, benefit eligibility, referral authorizations, etc. | Security rule, effective April 21, 2005, requires best practices for assuring that electronic patient data is confidential, available as needed and maintained with integrity intact. | For more information: http://www.hep-c-alert.org/links/hippa.html http://www.hhs.gov/news/press/2002pres/hipaa.html |
| Check 21 | The law facilitates check truncation by creating a new negotiable instrument called a substitute check, which permits banks to truncate original checks, process check information electronically, and deliver substitute checks to banks that want to continue receiving paper checks. | Banking institutions | Signed into law on October 28, 2003, and effective October 28, 2004. The law does not require banks to accept checks in electronic form, nor does it require banks to use the new authority granted by the act to create substitute checks. | For more information: http://www.federalreserve.gov/paymentsystems/truncation/default.htm |
| IRS Rev. Proc. 97-22 | Provides guidance to taxpayers that maintain books and records by using an electronic storage system that either images their hardcopy (paper) books and records or transfers their computerized books and records to an electronic storage media. | Financial services | An electronic storage system must ensure an accurate and complete transfer of the hardcopy or computerized books and records to an electronic storage media. The electronic storage system must also index, store, preserve, retrieve, and reproduce the electronically stored books and records. | For more information: http://www.recapinc.com/irs_97-22.htm |
| Gramm-Leach-Bliley Act | Requires financial services companies to implement safeguards for customers' current and legacy information. | Financial services such as brokers, dealers, exchange members | In essence, the act makes it illegal for a financial institution to share customers' "nonpublic personal information" with third parties unless the company first discloses its privacy policy to consumers and allows them to opt out of that disclosure. | For more information: http://www.senate.gov/~banking/conf/ http://www.ftc.gov/privacy/glbact/ |
| 21 CFR 11 | Defines the recommendations for managing audit trails, access control and electronic records retrieval. | Healthcare and pharmaceuticals | On February 20, 2003, the FDA released a new draft, "Draft Guidance for Industry; Part 11, Electronic Records; Electronic Signatures - Scope and Application", which changes the requirements for electronic records. It also withdraws many previous guidance documents on maintenance of records, e-copies of records, timestamps and validation. | For more information: http://www.21cfrpart11.com/ http://www.fda.gov/ora/compliance_ref/part11/ http://www.fda.gov/cber/gdlns/prt11elect.pdf |
| Dept. of Defense 5015.2, version 2 | Defines the basic requirements, based on operational, legislative and legal needs, that must be met by records management application (RMA) products acquired by the Department of Defense (DoD) and its Components | Vendors of electronic records management software and document management products paired with RM software | Testing and certification program for software products | Many government entities require RM software to comply with this standard. For a register of DoD-certified products, see http://jitc.fhu.disa.mil/recmgt/ |
| Government Paperwork Elimination Act | Requires federal agencies to accept electronic information and transactions. It also requires that they maintain electronic records. | Federal agencies | This work must be completed by October 21, 2003. | N/A |
| NASD 3010 & NYSE 342 | Requires member organizations to establish and maintain a system of supervision, demonstrate that their system is complete, evaluate it on a regular basis and ensure that it remains effective | Members of the National Association of Securities Dealers (NASD) and the New York Stock Exchange (NYSE) | Record-keeping requirements concerning e-mail communications | More information: http://www.sec.gov/news/press/2002-173.htm |