The role of email in Sarbanes-Oxley compliance cannot be overstated. The Sarbanes-Oxley Act of 2002 and associated rules adopted by Securities and Exchange Commission (SEC) require certain businesses to report on effectiveness of their internal controls over financial reporting. Effective internal controls ensure information integrity by mandating confidentiality, privacy, availability, controlled access, monitoring and reporting of corporate or customer financial information. Companies that must comply with Sarbanes-Oxley include U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. U.S. companies with market cap greater than $75M and on an accelerated (2004) filing deadline are required to comply for fiscal years ending on or after Nov. 15, 2004. All others are required to comply for fiscal years ending on or after April 15, 2005.

Because bulk of information in most corporations is created, stored, transmitted and maintained electronically, IT departments are responsible for ensuring that sound practices, including corporate wide information security policies and enforced implementation of those policies, are in place for employees at all levels. Information security policies should govern following items: •Network security •Access controls •Authentication •Encryption •Logging •Monitoring and alerting •Pre-planning coordinated incident response •Forensics Most of us would agree that today email is primary internal and external communication tool for corporations. Unfortunately, it is also one of most exposed areas of a technology infrastructure. Email systems are critical to ensuring effective internal control over financial reporting, encryption of external messages and active policy enforcement, all essential elements of compliance. Companies must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur. An effective email security solution must address all aspects of controlling access to electronically stored company financial information. Given wide functionality of email, ensuring appropriate information access control for all of these points requires: •A capable policy enforcement mechanism to set rules in accordance with each company’s systems of internal controls; •Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages; •Secure remote access to enable remote access for authorized users while preventing access from unauthorized users; •Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties. On a final note, some clear guidelines for a good and effective email policy include following points: a) Emails should comply with proper RFC protocols for email, 2) Employees should not attempt to obscure content or messages in emails, 3) Companies should post privacy policies where they can be read and understood, prior to submission of a request, 4) Employees should not send email to unverified or nonexistent email addresses, 5) Companies should offer users opportunities to opt-out of programs. Given that developments in email and Internet are changing so rapidly, it is essential to review email policy at least once every quarter. Keep an eye on new developments in email and Internet law so that you are aware of any new regulations and opportunities. When you release new updates, it is preferable to have each user sign as acknowledgment of their receipt of policy. With all of this said, if you want to reduce electronic risks in workplace you must take initiative. Electronic disasters can ruin businesses, sink careers, send stock prices plummeting, and generate public relations nightmares. Do not wait for a disaster to strike; prevention is always your best defense. Visit www.AntiSpamLeague.org and they will help you develop and implement written email usage and privacy policies that clearly reflect your organization's expected standards of electronic behavior, along with privacy and monitoring policies.

You'll get these from time to time. I delete them. People who send out emails like this never get a chance to correspond with me again.

Be personal. When you send someone email, at least check his/her web site to see if there is a name listed.

4. Typing in all caps or all small letters. I know email is cheap, but WHO WANTS TO BE SHOUTED AT? I read a lot of email every day, some of it junk, some of it important. I'm very forgiving to those whose second language is English, but if your primary language is English, could you please write your email same way you would write a real letter?

i don't like getting emails tht look lik this. i wonder about your iq.

You can delete those too unless it's really important. Maybe these people will read my article and take a hint.

Take time to write your emails where they are legible and easy to read. This is your reputation here. Show that you are a professional.

I know that occasionally I make a mistake here and there in thing I type. I probably write several thousands words a week. It's not intentional. A lot of what I see is though.

5. You subscribe to my newsletter list and then expect me to pay for you to receive email because you claim it's spam.

Yep, I had one of these too, only guy subscribed to my ecourse. 30 lessons. I was supposed to pay at least 15 cents for him to receive each email because he wouldn't approve receiving an ecourse he subscribed to.

Those, you can put on global remove. Save other webmasters with your web hosting trouble of doing it themselves.

6. You're not on vacation, but you reply anyway. I get quite a few of these. I delete them. I don't mind a customer or reader who is legitimately on vacation, but if you want to send me your offer, take time to write me an email. I don't have time to read autoreplies, and I might mistake it for spam and put you on my spam list.

Unless you really are on vacation, save autoreply for when you do go on vacation.

7. You don't include contact information or removal instructions. The part about removal instructions I already covered.

I'm always nervous about doing business with someone who doesn't offer contact information. I've even replied to a few emails that I thought were legitimate and they bounced.

If you want to build a relationship with someone, provide your information. Build credibility. Show that you are a legitimate business.

By now you are either laughing or fuming. Either one is ok. This article is meant to make you think about your reputation, your presentation, and your professionalism. If you really want to build a business online, and you really want to make money, then make every effort to look your best.

Although doing business online can sometimes be different from doing business offline, some things never change. Good manners is one of them.