> If you are privately held, then you must do as your boss dictates...
Private corporations are subject to plenty of regulations; SEC and
HIPAA just as valid for private as for public, if your line of
business is relevant. Sarbanes-Oxley does not technically apply to
private companies, but is being adopted as a best practice by
companies that may go public or have business relationships with
public companies.
This doesn't mean that a mom-and-pop bakery needs to comply with
anything. But the questions I would ask are:
- How do I track delivery failures without logs?
- Does the boss really think that stopping logging--which gives _less_
info than, say, sniffing the wire or opening MBXs--adds to security?
- Does the boss understand that Exchange allows head-of-household
Administrators (that is, admins who have no technical superiors at a
site) to manage their own permissions to mailboxes?
- Has he ever heard of encryption?
Generally, I wouldn't worry about the legal angle for a small private
company that makes an legally-informed decision not to keep logs--I'd
worry about the stupidity.
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
