Compliance for IM and SMS

  • I was wondering if anyone has any solutions for SMS and IM compliance?
    I am aware of BlackBerry and similar gateway solutions, but are there any other systems available which better serve smaller-size firms?

  • I would see this as two separate topics probably.
    Obviously, in the financial services world, IM compliance and security can be extremely important, especially in trading activities where IM conversations may need to be monitored, and as such there are quite a lot of products out there.
    The usual suspects, Forrester, Gartner, TechRepublic, etc., should be able to give you some suggestions for next steps.
    What do you do via SMS that you need compliance over that?

  • I use SMS in the same manner as IM, and also am looking to start using IM forwarding to SMS.

  • SOX 404 is silent on IM or SMS choices or specifics, as a wide range of technology choices are available. While security considerations for either technology are definitely present, they might fall into the general category of IT General Controls.
    With that said, RIM’s proprietary BlackBerry network does provide excellent security for corporate users (although, like any product, it must be patched routinely and any developments must be followed closely).
    Instant Messaging solutions are more vulnerable to worms and virus attacks. In fact, many companies ban these products or use them strictly on their networks without Internet connectivity (e.g., if you have Lotus Notes, Sametime provides an encrypted and very secure messaging facility).
    Still, even if it is an area that is more applicable to ITGC controls, it should be included in the scope of making IT controls for financial systems as secure as possible. If a weakness is found in IT security controls for automated financial systems, the external SOX auditor will most likely include this finding in their reports as well.
