Office 365 and SEC Rule 17a-4 requirements
Tim Tetrick
I’ve had several questions lately asking whether Office 365 and its archiving capabilities are able to meet SEC Rule 17a-4 requirements. Many financial institutions such as banks and broker-dealer organizations are subject to Rule 17a-4, which is issued by the Securities and Exchange Commission (SEC) with respect to electronic data storage. Rule 17a-4 has specific requirements pertaining to length, format, quality, availability, accountability, and other aspects of record retention. Knowing whether an archiving solution can support Rule 17a-4 requirements is often a key consideration for SEC-regulated customers in technology adoption.
Despite some confusion on this topic in the past, Office 365 Exchange Online Archiving (EOA) does indeed meet SEC Rule 17a-4 requirements. To help customers better understand how the EOA service can be leveraged to meet their regulatory obligations, Microsoft has made available a white paper specifically concerning EOA and Rule 17a-4 requirements. The white paper provides an in-depth analysis of Exchange Online features and functionalities against each of the requirements under Rule 17a-4 and also demonstrates to regulated customers how EOA can enable them to meet these requirements.
The white paper can be downloaded at MICROSOFT EXCHANGE ONLINE ARCHIVING, DATA RETENTION AND RULE 17A-4 COMPLIANCE
The Exchange Online Archiving (EOA) service is included as part of Office 365 E3-E5 plans, as well as Exchange Online Plan 2. It can also be added on to other Office 365 plans such as Business Essentials, Business Premium, E1, and Exchange Online Plan 1. For more details, see the Exchange Online Archiving Service Description under “Exchange Online Archiving plans”.
For more information on additional compliance standards of Office 365, see the Office 365 Trust Center at https://products.office.com/en-us/business/office-365-trust-center-compliance