Practical VoIP Security

SOX: Sarbanes-Oxley Act
Focus on any internal financial controls that may exist within your VoIP system.
Consider applicability of cross-IT security standards to your VoIP system.
GLBA: Gramm-Leach-Bliley Act
Make sure that your VoIP system is included in risk management processes for GLBA compliance plans.
Consider FDIC VoIP recommendations when evaluating GLBA compliance.
Document VoIP system compliance as you would any other part of the data infrastructure.
HIPAA: Health Insurance Portability and Accountability Act
Pay special attention to VoIP components or adjuncts that record calls or conversations.
Don't forget Interactive Voice Response (IVR) systems when evaluating HIPAA impact to VoIP systems.
Ensure you have complete documentation per HIPAA requirements.
CALEA: Communications Assistance for Law Enforcement Act
Don't assume you're not considered a carrier (or substantial replacement) for CALEA purposes if you provide communication services to the public in any form; the new rules may apply to you too.
Find an appropriate technical standard and drive your software or equipment vendor toward compliance.
Be sure to file all necessary paperwork with the FCC.
E911: Enhanced 911 and Related Regulations
Be sure to investigate and comply with local regulations that mandate ALI support, even if you're not a carrier.
If you are a VoIP carrier, you must provide E911 services or risk substantial penalties or fines.
EU and EU Member States eCommunications Regulations
Remember that VoIP services are treated equally with other communications services in the eCommunications regulatory framework.
Pay close heed to data privacy regulations and...