lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Thu Dec  1 14:36:18 2005
From: mmadison at fnni.com (Madison, Marc)
Subject: Re: SOX whistleblowers' clause Compliance

IANAL, But IMO use an Intranet web page that allows employees to submit
anonymous html post to the web server via html.  Now if your security
policy is pervasive then surely auditing is enabled on all your systems,
thus removing any anonymity this would have provided.  Have you
considered, dare I say, outsourcing?  I only say this since part of the
requirement calls for the company to provide sufficient anonymity to
individuals reporting issues.  By the way the SOX whistleblowers
requirements have already been challenged in court so there might be
precedence on what is sufficient.


Aditya Deshmukh [aditya.deshmukh@...ine.gateway.strangled.net] wrote:

>If you read the last line in para 6 you will find that anon mailbox is
a requirement for SOX compliance. 

>And mailbox was ment for email Michael :)

>But I think that "with a post and some concrete" mailbox will be Indeed
be far more secure.....

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux