Full Disclosure mailing list archives
RE: Re: SOX whistleblowers' clause Compliance
From: "Madison, Marc" <mmadison () fnni com>
Date: Thu, 1 Dec 2005 08:36:02 -0600
IANAL, But IMO use an Intranet web page that allows employees to submit anonymous html post to the web server via html. Now if your security policy is pervasive then surely auditing is enabled on all your systems, thus removing any anonymity this would have provided. Have you considered, dare I say, outsourcing? I only say this since part of the requirement calls for the company to provide sufficient anonymity to individuals reporting issues. By the way the SOX whistleblowers requirements have already been challenged in court so there might be precedence on what is sufficient. Aditya Deshmukh [aditya.deshmukh () online gateway strangled net] wrote:
If you read the last line in para 6 you will find that anon mailbox is
a requirement for SOX compliance.
And mailbox was ment for email Michael :)
But I think that "with a post and some concrete" mailbox will be Indeed
be far more secure..... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Re: SOX whistleblowers' clause Compliance Madison, Marc (Dec 01)
- RE: Re: SOX whistleblowers' clause Compliance Aditya Deshmukh (Dec 01)
- SOX whistleblower requirements challenged in court? (Was SOX whistleblowers' clause Compliance) Jesse W. Asher (Dec 02)
- <Possible follow-ups>
- RE: Re: SOX whistleblowers' clause Compliance wilder_jeff Wilder (Dec 01)
- RE: Re: SOX whistleblowers' clause Compliance Madison, Marc (Dec 01)
- RE: Re: SOX whistleblowers' clause Compliance Aditya Deshmukh (Dec 01)
- Re: Re: SOX whistleblowers' clause Compliance InfoSecBOFH (Dec 02)
- Re: Re: SOX whistleblowers' clause Compliance R S (Dec 02)
- RE: Re: SOX whistleblowers' clause Compliance Aditya Deshmukh (Dec 01)