2

My company is a private, family-owned business. The company is headquartered in the USA and also runs businesses in several countries including Mexico, UK, Canada, the Caribbean islands and a few other countries in S. America.

My boss and I had a discussion over lunch regarding IT compliance, and we wondered what kind of mail archiving solution we need to pursue and what other IT-related compliance we need to pursue.

Our processes include online and phone-based sales, phone-based customer support, W-9 (SSN and EIN) verification, etc.

Warner
Santosh Chandavaram
  • 1
    Not only is this too localised, it's not even a sysadmin question. Once you know WHAT you need to do then you can ask questions about HOW to implement it. – John Gardeniers Apr 16 '10 at 05:38

1 Answer

10

Ask a lawyer. Or one for each country. They know what you have to do (not how to do it, of course). After that, you can ask the "how?" here.

Sven
  • 2
    This. Definitely. Compliance is one of those issues which, while it's absolutely relevant to IT, can't be **answered** solely by IT. You must consult your business's legal authority. Which for a small business, is most likely a lawyer they retain. – Chris Thorpe Apr 16 '10 at 01:18
  • Don't hire an IT Consultant. Talk to a lawyer, figure out what you really need. – Joseph Kern Apr 16 '10 at 01:41
  • Yes, seek an attorney's advice, but realize that not every attorney may be up to speed on E-Discovery and if they are, are able to translate that into what IT needs to do to be in compliance. Do you use payment card data? Then you need to be following the PCI Data Standard (very stringent). You may need to be concerned about HIPAA if you retain any employee medical records. – jl. Apr 16 '10 at 13:24