Unplugging IM because of SoX
companies may have to disable their instant messaging systems because of concerns
that the technologys security and archival controls arent strong
enough to comply with the law.
Section 302 of Sarbanes-Oxley requires CEOs and CFOs to certify
that their companies have established internal controls and are regularly evaluating
the effectiveness of the control measures.
Although many vendors offer tools for storing messaging traffic and protecting
against malware, enterprises may have to take a decision whether it may be simpler
to just unplug their IM systems. Another method could be to block outsider access
to IM and allow only internal users to use the application.