How does Enterprise Vault make my company compliant with regulatory requirements?

Article ID: 100052772

Description

Enterprise Vault can be leveraged in conjunction with detailed and documented policy, processes and procedures to assist in meeting the various regulatory requirements for dealing with ESI (Electronically Stored Information). The customer of any technology needs to provide clear and concise documentation of how they configured their environment, the technology, and the processes and procedures around the control of that environment, and needs to be prepared to defend the solution to the regulatory body. Enterprise Vault, in conjunction with the Discovery Accelerator and Compliance Accelerator products, can be leveraged to assist in this process in the following ways:

SEC 17a-4 and 17a-3 requirements.

Enterprise Vault automatically indexes and archives ESI up to and including content from email, file systems, instant messages, Microsoft SharePoint Portal Server and custom applications. The process of archiving can reduce the amount of storage consumed by the frontline application, thus reducing the ongoing load on the operational backup process. Archived information can be rapidly searched, retrieved and deleted to satisfy corporate and regulatory requirements. Through the addition of the Compliance Accelerator and Discovery Accelerator modules, Enterprise Vault can support a wide variety of compliance requirements, including regulatory audits, support of legal discovery requirements and retention requirements. Enterprise Vault supports many "write once, read many" (WORM) storage devices to ensure archived records are retained as required.

Enterprise Vault eliminates the need for personal archiving through its policy-driven archiving process, which moves older content out of the primary application store into a scalable and secure archive repository. Enterprise Vault can archive content from a number of content platforms, including Microsoft® Exchange, Lotus Domino®, Microsoft Windows® File Systems, and Microsoft Windows SharePoint® Services, as well as by leveraging connectors for instant messages, database records, SAP records, faxes, and more. A retention policy is assigned to each item as it is archived, and under most policies, the end user cannot tamper with or dispose of the archived content until the end of the configured retention period. Once the retention period has expired, Enterprise Vault will automatically and permanently delete the item (assuming there are no legal holds placed on it). This retention period can be as short or as long as the organization requires, and it can vary by user, mailbox folder, and even message content. Enterprise Vault stores the original message and attachments in native format (e.g., MSG, DXL, EML, NSF) along with an HTML copy of the messages and attachments.

With Discovery Accelerator's legal hold feature, an item's expiration date is disabled until the legal hold is lifted. If multiple legal holds are placed on an item, the last hold to be lifted re-enables the retention of that item (or items).

Third Party Access

Third party access is required to comply with the SEC 17a-4 regulation for broker-dealer data: ". . . every member, broker or dealer exclusively using electronic storage media for some or all of its record preservation must have an arrangement with a third party who can provide the SEC with access to a broker-dealer's records upon request . . .".

The use of Enterprise Vault with the appropriate storage technology and infrastructure provides the ability to store the data as required, but Veritas does not provide third party access as a service. Some companies have various agreements with other vendors to provide third party access. If a customer requests it, we have partners who are able to perform the service.

Support for FINRA 3010 & 3011 (formerly NASD) requirements around supervision of electronic communications.

Enterprise Vault Compliance Accelerator enables financial services companies to quickly perform cost-effective supervisory review of email and other electronic communications, helping ensure compliance with SEC and FINRA (formerly NASD) regulations requiring active supervision of electronic messaging systems. Compliance Accelerator, a highly configurable add-on to Enterprise Vault email and content archiving software, provides broker-dealers with a tool for enterprise-scale review of email, instant messages, Bloomberg and digital fax messages.

Information Foundation and Enterprise Vault in particular can be configured to support the following regulatory requirements in their respective countries (Please note: this list is not all-inclusive):

USA:
- FRCP
- GLBA
- SEC 17a-4
- HIPAA
- ISO 18501/ 18509
- FDA 21 CFR Part 11
- Sarbanes-Oxley
- OSHA, ADA, FLSA (USA)

Italy:
- AIPA

France:
- NF Z 42-013

UK:
- Public Records Office
- Financial Services Authority
- BSI PD0008
- Basel II Capital Accord

Japan:
- Electronic Ledger Storage Law
- 11MEDIS-DC

Germany:
- GDPdU & GoBS

Canada:
- Canadian Electronic Evidence Act

Specific regulations with which Enterprise Vault can assist:
- "FINRA (NASD) Rule 3010"
- "FINRA (NASD) Rule 3011"
- "SEC Rule 240.17a-3"
- "SEC Rule 240.17a-4"
- "Sarbanes-Oxley"
- "NYSE 440"
- "Federal Rules of Civil Procedure"
- "ERISA Section 107"
- "The Investment Company Act"
- "The Investment Advisers Act of 1940"
