The financial services market has been through some very tough times lately. With multiple bank failures and problems at lending firms, there's even more uncertainty on the horizon. As you have most likely read in the news, investigations are being launched against C-level employees, investment, and accounting firms to 'get to the bottom' of this mess. Undoubtedly, information will be subpoenaed. Investigators will ultimately try to obtain call detail records to narrow down the 'paths of communication.'
For this Wednesday, take a minute and evaluate your logging, archiving, and compliance methods. Back in May, I wrote a post titled "It's 8:00am - Is Your CDR Working?" The premise is literally the same; those call records are incredibly important. It's always beneficial to research the "hows, whys, whens, and whos" of compliance with your logging environments.
Fortunately, or unfortunately, for all of our financial services readers, we now have compliance acts in place like Sarbanes-Oxley. But, what does this mean? There are a lot of websites, whitepapers, and documents available out on the web detailing compliance concerns for acts like Sarbanes-Oxley. However, as you will likely find, they contain contrasting information, leaving the end user with a large headache.
Best advice? If you're not comfortable with your logging, archival, and retention methods, get a professional audit. Find legal advice from those with experience in your compliance area. Compliance is a necessary evil. Your logging environment doesn't want to be the weakest link in an audit, or worse, a subpoena.
We want to know! How do you handle compliance issues such as CDR archival and retention?
The Leader in Network Knowledge
