Network World

Matthew Nickasch

Compliance Concerns: SOX

By Matthew Nickasch on Mon, 07/07/08 - 6:36pm.

As if managing the day-to-day operations of your telecommunications infrastructure weren't difficult enough, there is also compliance to consider. SOX, HIPAA... you know the drill. Modern-day regulations designed to improve security, confidentiality, and authenticity can mean major headaches for IT managers, especially telecom managers!

Today, we'll focus on how SOX can impact your day-to-day telecommunications operations, and what to expect.

The Sarbanes-Oxley Act was enacted into law to minimize corporate and accounting scandals similar to those at Enron, Tyco, and WorldCom. Within SOX, there are 11 compliance "titles" that effectively act as an oversight mechanism. So, how does SOX affect telecom managers? Simple answer: in many ways.

Obviously, technology, especially in the telecommunications field, has improved drastically since the advent of PBXs, voicemail, and unified messaging. In the old analog world, it was nearly impossible to preserve phone conversations and messages without tape recording equipment. Now, with VoIP, unified communications, and WAV voicemail attachments, things have changed. It is much easier to preserve and archive old voicemail messages, recordings of phone calls, and databases of call detail records.

Regardless, the format or method of the stored communications isn't the problem. Instead, it's the obligation to preserve communications that can dramatically affect your organization. But wait! What about all of the meaningless calls between coworkers and their families that have nothing to do with SOX compliance? Are those conversations and messages required to be kept and archived?

Rules on retaining communications are dictated by subject matter. While telecom technology has matured drastically, it still can't accurately distinguish what content to save from what to discard - automatically, that is.

Unfortunately, there are always ways around the auditing system, and no blend of technology has made it 100% foolproof. In the case of account codes, it's very easy for a user to use a personal account code to mask "illegal" conversations in order to prevent archiving mechanisms from recording them.

In the end, it all comes down to this: consult with a SOX-trained legal firm to ensure your organization is "telecom + SOX" compliant. Until the legal system "catches up" with technology, SOX compliance in the telecom sense will continue to be a very gray area.

About Considering Convergence
Matthew Nickasch is an independent consultant and analyst in the IP communication and convergence fields. His current and previous consulting experience includes systems architecture, virtualization, telecommunications, and converged networks for the financial, education, and healthcare industries. In addition to his consulting responsibilities, he has been active in the research realm, recently publishing and presenting on topics including routing protocol security and ERP and transactional database auditing. While his interests include directory services and corporate compliance, Nickasch's focus is on converged networks and IP communications.