RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance

["Aditya Deshmukh" <aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>]

See below marc email part

>> Aditya Deshmukh [aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxx] wrote:
>> 
>>If you read the last line in para 6 you will find that anon 
>> mailbox is
>> a requirement for SOX compliance. 
>> 
>> >And mailbox was ment for email Michael :)
>> 
>> >But I think that "with a post and some concrete" mailbox 
>> will be Indeed
>> be far more secure..... 

> From: Madison, Marc [mailto:mmadison@xxxxxxxx] 
> IANAL, But IMO use an Intranet web page that allows employees 
> to submit
> anonymous html post to the web server via html.  Now if your security
> policy is pervasive then surely auditing is enabled on all 
> your systems,
> thus removing any anonymity this would have provided.  Have you
> considered, dare I say, outsourcing?  I only say this since 
> part of the
> requirement calls for the company to provide sufficient anonymity to
> individuals reporting issues.  By the way the SOX whistleblowers
> requirements have already been challenged in court so there might be
> precedence on what is sufficient.

You must be a mind reader - you just read my mind. And google search shows 
Some email providers giving out this service for about US$ 89.99.

Maybe that is the best solution after all... 

You don't break your security policy and the auditors are also happy.


________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/