Protect your business with auditable, compliant IM

Companies are under increased regulatory and compliance pressures. Today, a lack of user management, security and records retention controls for employee use of communications technologies (including IM) means increased legal risk and personal accountability for corporate officers. When organisations implement business communication solutions such as IM, they must also ensure adequate management controls.

ChatSure Compliance Overview

ChatSure fulfils Sarbanes-Oxley, SEC (Securities and Exchange Commission), and HIPAA (Health Insurance Portability and Accountability Act) requirements:

Records management
To comply with the basic requirements of Sarbanes-Oxley, companies need a records management system, and IM must be included as part of this. ChatSure automatically logs and archives instant messages in a time-stamped audit-ready format. IM session data is stored on a secure external server, providing a secure, searchable, managed repository of data which can only be accessed by company personnel with the required security clearance.

Compliance supervision
Sarbanes-Oxley section 404 requires an annual evaluation of internal controls and procedures for financial reporting, as well as an assessment of the effectiveness of these controls. When electronic communications like IM are involved in that process, these communications need to be logged, archived and available upon request.
The National Association of Securities Dealers (NASD) requires that communications over IM be either managed and maintained according to its 3010 and 3110 rules, or disallowed entirely. Rule 3010 states that companies must supervise the communications between staff and the public and ensure compliance with company-defined policies. ChatSure allows organisations to sample IM and gives the ability to quarantine incoming and outgoing messages, recording and logging the samples.

Records retention and preservation
NASD members are required to treat IM as e-mail or written records for retention purposes. Both NASD and Sarbanes-Oxley section 802 require tamper-proof records for electronic communications including IM. With ChatSure, IM sessions are stored in a non-rewritable, non-erasable format.

Efficient search and retrieval
The U.S. Securities and Exchange Commission (SEC) requires companies to ensure specific retention periods and to be able to quickly search and retrieve selected archived information, including instant messages. Messages must be stored for a minimum of three years, with the first two in an easily accessible place - ChatSure allows this.

Deleting records
Enterprises need to retain records for the SEC's legally specified time or for the time outlined by their industry-specific regulations. Retention beyond that period could increase enterprise risk during a legal discovery.

Duplicate storage
A duplicate copy of the records must be stored separately from the original in a tamper-proof format. ChatSure data is backed up daily and stored in a secure, access-controlled fire safe.

Healthcare Sector
In healthcare, HIPAA regulations apply to all organisations that have access to patient information. HIPAA requires protection of confidential patient information and suggests that any oral, written or electronic communications be captured and stored, including IM.

Find out more about our Hosting & Data Vault Security Procedures

 
