IANAL, But IMO use an Intranet web page that allows employees to submit anonymous html post to the web server via html. Now if your security policy is pervasive then surely auditing is enabled on all your systems, thus removing any anonymity this would have provided. Have you considered, dare I say, outsourcing? I only say this since part of the requirement calls for the company to provide sufficient anonymity to individuals reporting issues. By the way the SOX whistleblowers requirements have already been challenged in court so there might be precedence on what is sufficient.
Aditya Deshmukh [EMAIL PROTECTED] wrote: >If you read the last line in para 6 you will find that anon mailbox is a requirement for SOX compliance. >And mailbox was ment for email Michael :) >But I think that "with a post and some concrete" mailbox will be Indeed be far more secure..... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/