Laws and Regulations

It All Boils Down to This: Archiving is Necessary

In general, it's important to know that legal regulations, such as the Sarbanes-Oxley Act, require that E-Mail messages containing business-relevant information must be securely archived in their original format and retained for a certain period of time.

In practice, this might mean that E-Mail messages containing information relevant for taxation or bookkeeping purposes must be kept for up to ten years, and E-Mail messages with other business-relevant information must be retained for up to six years in an audit-proof manner.

Next to the requirements of the Sarbanes-Oxley Act, other regulations, such as the Handlesgesetzbuch (HGB), Grundsätze zum Datenzugriff und zur Prüfbarkeit digitaler Unterlagen ("DGPdU" for short), and the Basel II regulations also play an important role and stress the importance of E-Mail archiving, no matter where your organization is located.

Article 147

Article 147 of the Abgabenordnung (Revenue Code) states that retainable documents include sent and received trade and business correspondence, as well as other documents that are necessary for taxation purposes.

GDPdU Regulations

The GDPdU becomes relevant for organizations whenever tax officers need to be able to obtain access to IT systems in order to conduct a company audit. The policies often define that information relevant for taxation purposes must be kept in a format that can be analyzed through automated processes, such as specialized analysis software used by financial authorities.

Basel II Regulations

Banks are required to consider compliance to the regulations set by the Basel II agreement when performing credit ratings of organizations. Special attention is paid to the respective risk management processes, which also include the implementation of E-Mail archiving. If organizations show deficits in this area, the results often manifest in lower credit ratings, or, in more extreme cases, outright refusal of issuing loans.

Sarbanes-Oxley Act