WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION




10 Steps to Establishing an Effective Email Retention Policy
JANUARY 2009




Eric Lundgren
INFORMATION GOVERNANCE
Table of Contents

Executive Summary

SECTION 1: CHALLENGE
The Need to Better Manage Email Retention Policies
Litigation Readiness
Regulatory Compliance
Knowledge Management
Balancing Retention with Costs and Performance

SECTION 2: OPPORTUNITY
Developing and Implementing an Email Retention Policy
Define an Email Policy
Eliminate the Variables Hindering Centralization
Educate Employees About the Retention Policy
Incorporate Relevant Regulations into the Retention Policy
Identify Roles With Unique Retention Requirements
Balance Retention Guidelines and Related IT Costs
Provide Employees With Access to Archived Messages
Ensure That Retention Policies Can Accommodate Legal Holds
Validate That all Messages Are Archived
Use Technology to Enforce Retention Policies

SECTION 3: BENEFITS
Improving Email Management Policies Through Technology
Reduce eDiscovery Costs
Improve Regulatory Compliance
Reduce the Risk of Sanctions
Improve IT Performance without Increasing Costs
Enhance Data Access

SECTION 4: CONCLUSIONS

SECTION 5: REFERENCES

SECTION 6: ABOUT THE AUTHOR




Copyright © 2009 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.


THIS DOCUMENT IS FOR YOUR INFORMATIONAL PURPOSES ONLY. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT
LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM
THE USE OF THIS DOCUMENT, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.


CA does not provide legal advice. Neither this document nor any software product referenced herein shall serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statute, regulation, rule,
directive, standard, policy, administrative order, executive order, etc. (collectively, “Laws”)) referenced herein. The reader should consult with competent legal counsel regarding any such Laws.
Executive Summary
Challenge
 In order to address growing eDiscovery, compliance and knowledge management
 requirements, organizations must retain a greater number of emails than ever before. Yet
 with such a large percentage of internal and external business communications performed
 via email, this is becoming an increasingly difficult task — one with which many struggle to
 keep pace. What’s more, as the volumes of messages requiring retention grow, so too, do
 the related storage, retrieval and administrative costs. To address these challenges — and
 prepare for litigation and compliance reviews — enterprises need a standardized, policy-
 based email retention system that ensures all relevant messages are stored safely and in
 accordance with any pertinent industry laws and governing bodies.



Opportunity
 Building a well-planned, enterprise-wide email retention policy helps establish uniform and
 consistent rules for all email and electronic records. Such a policy outlines email content,
 sets retention and deletion criteria and provides the flexibility to accommodate litigation
 holds and enable role-based user access. Leveraging a robust Information Governance
 solution also helps simplify the management of this process. The ideal solution should
 automate retention policy enforcement and task documentation, while providing an
 archiving and retrieval engine that streamlines an organization’s ability to locate messages
 for audits, litigation and eDiscovery in a timely and cost-effective manner.



Benefits
 Using an automated Information Governance solution as the authority to manage an email
 retention policy enables organizations to meet eDiscovery, compliance and knowledge
 management requirements, while improving email system performance and reducing costs.
 Specifically, organizations can:
 • Reduce eDiscovery costs
 • Improve regulatory compliance
 • Reduce the risk of sanctions
 • Improve IT performance without increasing costs
 • Enhance data access




SECTION 1: CHALLENGE

                                         The Need to Better Manage Email Retention Policies
                                         Faced with increasing regulatory scrutiny and tougher laws surrounding electronic content,
                                         organizations of all sizes — in every type of industry — must pay closer attention than ever
                                         before to the way they manage, store and archive email messages. As rich sources of business-
                                         critical intellectual property, electronic records must be protected by strong retention policies
                                         that identify which emails need preserving and for what duration. Moreover, such a policy
                                         must also include guidelines that enable the safe, timely removal of messages from production
                                         systems and assist organizations in deleting them upon the expiration of the retention lifecycle.

                                         However, in an age dominated by electronic business communication, developing robust,
                                         effective retention guidelines for email volumes that proliferate at an exponential rate often
                                         results in increased storage costs, poor system performance and difficulties locating specific
                                         archived messages. Despite these considerable challenges, email retention policies comprise
                                         a key piece of an enterprise-wide Information Governance framework, and as such, must be
                                         implemented in order for organizations to achieve the three important capabilities of:
                                         • Litigation readiness
                                         • Regulatory compliance
                                         • Knowledge management

                                         Litigation Readiness
                                         Today, litigation readiness is the biggest force driving the development of comprehensive email
                                         retention policies. With the passage of the December 2006 amendments to the Federal Rules
                                         of Civil Procedure (FRCP) — which list emails, instant messages, text messages, Microsoft
                                         Word documents, spreadsheets and other electronic assets among the business records that
                                         can be used as evidence — organizations are now legally obliged to possess formal eDiscovery
                                         processes that make all relevant electronic documents available for assessment and analysis
                                         early in the litigation process.

                                         With this new regulation, enterprises need to know all of their sources of electronic information
                                         in advance of litigation, including email servers and backup tapes, deleted or retired records
                                         and data stored at remote locations. Gaining visibility into the sources of data is crucial, as it
                                         helps organizations quickly institute litigation holds that mitigate the potential for intentional
                                         or negligent alteration or destruction of any electronic records — known as spoliation in legal
                                         proceedings — which can result in significant penalties and jeopardize the outcome of the case.

                                         Attempting to comply with these FRCP amendments and drive litigation readiness without an
                                         effective Information Governance system often results in high operating costs and an increased
                                         risk of penalties. In fact, according to a study by Cohasset Associates, American businesses
                                         annually spend between $2.5 million and $4 million on eDiscovery for every billion dollars
                                         in sales, making it a large uncontrolled expense that is exceeded only by the costs of
                                         healthcare¹. Moreover, organizations that fail to meet FRCP rules can face sanctions for
                                         the illegal destruction or alteration of evidence, or even risk losing cases they would have
                                         otherwise won or favorably settled.




Regulatory Compliance
Meanwhile, the Sarbanes-Oxley Act (SOX), the Financial Industry Regulatory Authority
(FINRA), the Health Insurance Portability and Accountability Act (HIPAA) and other regulatory
mandates include strict guidelines about the preservation of electronic assets. In other words,
these exacting criteria make email retention a key factor in achieving compliance. While the
specific data subject to retention varies by authority, most require that all records directly
pertaining to an organization’s business activity, including emails and other messages,
be held for a predetermined amount of time. Exceptions to these regulations include
spam and personal emails, though the latter can be requested during an investigation
under certain circumstances.

Knowledge Management
An organization’s email records often contain valuable, proprietary information that is vital to
the success and ongoing competitiveness of the business. Thus, retaining these messages
and providing users with quick access to the information contained within can help to drive
productivity and business innovation.

Balancing Retention With Costs and Performance
With email stores growing at an annual rate of 35 percent, keeping emails in online archives
means that businesses must invest in additional physical storage space and hardware capable
of maintaining performance under increased processing loads². To combat the rising costs
associated with email retention — while continuing to meet performance demands in
production systems and comply with all legal and regulatory requirements — organizations
need a way to identify non-essential messages that can be sent to offline storage or deleted.

Managing Retention Through Policies and Automation
However, because they lack the formalized policies that dictate which emails must be saved,
which are not immediately essential to business needs and which can be deleted, many
organizations struggle to make email retention a cost-effective core competency. In fact,
in a study by the Osterman group, 53 percent of respondents said they lack such a policy³.

What’s more, many of the world’s largest corporate messaging applications provide few
resources to support compliance and retention operations. And without the right tools,
organizations must manually search through individual inboxes and scour backup tapes to
locate a specific email or attachment. At the same time, many outsourced backup companies
charge a fee every time they are asked to locate and deliver archived messages — a process
that can get quite costly as greater numbers of emails are requested.

To achieve this crucial balance between costs and retention, organizations need to develop
a carefully planned email retention policy and support it with a robust, comprehensive
Information Governance solution. Leveraging technology to enable such a policy will ensure
that all retention methodologies, responsibilities, procedures and timeframes are applied to
each message and enforced on a consistent and uniform basis. In doing so, organizations
improve their ability to demonstrate conformance to legal and regulatory initiatives, become
well prepared for litigation and eDiscovery and increase cost efficiencies across the board.
1 “Information Governance: A Core Requirement for the Global Enterprise,” Cohasset Associates, October 2007.
2 “Reducing the Load on Email Servers,” Osterman Research, September 2007.
3 “Email Archiving Practices Survey of IT professionals,” Osterman Research, December 2007.




SECTION 2: OPPORTUNITY

                                         Developing and Implementing an Email Retention Policy
                                         To make email management procedures a cost-effective business asset, enterprises need to
                                         develop, actively enforce and audit comprehensive retention guidelines. These rules should
                                         specify consistent, enterprise-wide data archive windows and define permissions for who can
                                         access, change or delete messages, attachments and other records.

                                         To this end, organizations should guide themselves through the process of developing,
                                         implementing, monitoring and auditing a comprehensive email retention policy using the
                                         following 10 steps:
                                         1.    Define an email retention policy
                                         2.    Eliminate the variables hindering centralization
                                         3.    Educate employees about the retention policy
                                         4.    Incorporate relevant regulations into the retention policy
                                         5.    Identify roles with unique retention requirements
                                         6.    Balance retention guidelines and related IT costs
                                         7.    Provide employees with access to archived messages
                                         8.    Ensure that retention policies can accommodate legal holds
                                         9.    Validate that all messages are archived
                                         10. Use technology to enforce retention policies

                                         Define an Email Policy
                                         In order to fully understand its retention obligations, an organization must first have a
                                         clear understanding of the types of content it transmits electronically. To provide this insight,
                                         the email retention policy should specify:
                                         DOCUMENT TYPES employees can send via email, as well as the specific files, such as sensitive
                                         business contracts, that must be transmitted using a different method.
                                         CONTENT GUIDELINES defining what should or should not go into emails, including policies
                                         around what constitutes sexual harassment or other unacceptable language.
                                         ENFORCEMENT MEASURES and best practices that automatically scan for policy violations
                                         and designate an internal authority to periodically review content.




Eliminate the Variables Hindering Centralization
Without formal archiving guidelines and an automated system to manage the process,
employees often save old messages and attachments on local storage systems, such as a
PC hard drive. This lack of standardization makes tracking and protecting archived messages
problematic. For example, a judge can request messages saved on personal archives during
litigation and eDiscovery. But if an employee saves these on a hard drive, which then fails, the
information is lost and the enterprise becomes vulnerable to legal and regulatory penalties
around the spoliation of data.

Moreover, locating the necessary data on all local hard drives throughout a large organization
is a difficult, time-consuming and expensive process that often fails to discover every message
saved on a non-standardized source. To avoid the possibility that a missing message results in
legal sanctions, email retention policies should include specific, centralized archiving methods
that prohibit employees from saving messages in personal folders.

Educate Employees About the Retention Policy
Even though a formal email retention policy may be defined and in place, many employees may
remain unaware that such guidelines exist. To ensure that archiving rules are followed across
the enterprise, all employees must be trained on the policy and able to demonstrate that they
understand content and storage procedures, as well as any rules restricting the use of personal
folders. Moreover, education should:
• Detail the reasons why these rules are in place
• Offer instructions for using any supporting archiving technology
• Outline the consequences of noncompliance at both a business and personal level

Incorporate Relevant Regulations Into the Retention Policy
It is critical that all email retention policies incorporate the requirements of the mandates
governing the industry in which an organization operates. There are many common regulations
to consider.

SOX
SOX regulations apply to public companies across all industries and impose severe penalties
on any business that deliberately alters or deletes documents in order to defraud customers or
other third parties. To comply with SOX guidelines, companies must retain auditable emails for
a minimum of five years from the end of their last fiscal year.

FINRA
FINRA rules demand that financial services firms establish formal, written policies and
procedures that detail their email retention policies. After outlining these policies, a business
must then demonstrate that all retention processes are in full compliance with FINRA
guidelines.

HIPAA
HIPAA regulations apply to any email message or other electronic records that contain
sensitive information about an individual’s medical history. The preservation period for a
medical record is a minimum of five years, though some related statutes dictate that certain
information be retained for the life of the patient.


BEYOND REGULATIONS
                                         Although many regulations exist beyond the three listed above, all regulatory bodies —
                                         regardless of industry specificity — make meeting the following requirements a key aspect
                                         of compliance.
                                         DATA PERMANENCE, where data must be in its original state without being altered or deleted.

                                         DATA SECURITY, where all retained information must be protected against security threats,
                                         including access by unauthorized persons and any outside forces that could physically damage
                                         or endanger the availability of archived messages.
                                         AVAILABILITY, where organizations must prove that all emails subject to the retention policy
                                         can be easily accessed by authorized personnel in a timely manner.

                                         Identify Roles With Unique Retention Requirements
                                         Specific organizational roles have unique archiving requirements, which must be captured
                                         in the larger retention policy. For example, brokers at financial services firms are obligated
                                         to keep all of their electronic correspondence for up to six years. Likewise, in pharmaceutical
                                         companies, scientists or physicians who perform drug tests must keep test-related
                                         emails on hand for even longer, as these may contain highly sensitive information that can
                                         be requested as evidence in eDiscovery. Finally, it is common practice in most enterprises to
                                         save the emails of CEOs indefinitely, even after their tenures have ended.

                                         Balance Retention Guidelines and Related IT Costs
                                         Though there are many specific legal and regulatory guidelines around email retention, no
                                         court or compliance authority demands the archiving of every email ever sent or received.
                                         As a result, organizations should implement a retention policy that reduces the storage
                                         burden by ensuring that the emails essential to meeting compliance and litigation guidelines
                                         are saved, while those that are not needed are deleted. By reducing storage through retention
                                         and deletion policies in line with legal and compliance mandates, IT can limit storage-related
                                         expenditures and streamline email administration tasks, which often comprise more than
                                         40 percent of total IT support costs. In addition, this approach limits the amount of content
                                         requiring evaluation during the legal review phase of eDiscovery, further reducing costs.

                                         Provide Employees With Access to Archived Messages
                                         As enterprises establish overarching policies for archiving and deleting email messages,
                                         they must also verify that all employees have access to the electronic assets they need to carry
                                         out their business responsibilities. To support productivity, policies should establish rules that
                                         enable certain messages to be saved for personal communication, while allowing all other
                                         messages to be managed by the default retention strategy. These rules should also allow users
                                         to search for all archived email in both production and off-line storage systems, and in some
                                         cases, enable employees in similar roles to access messages owned by their coworkers.




Ensure That Retention Policies Can Accommodate Legal Holds
Email retention policies must be flexible enough to be suspended if a legal hold is necessary.
For example, if an organization is anticipating legal action, it might choose to retain all emails
in order to preserve the information that may be used as evidence during litigation. It is critical
that policies accommodate legal holds, because courts can impose sanctions for the spoliation
of any messaging content or electronic records that are relevant to a legal proceeding.

Validate That all Messages Are Archived
In order to comply with eDiscovery and litigation mandates, businesses must confirm and
demonstrate that all emails are captured and subject to the retention policy. To support this
critical goal — and eliminate the possibility that information escapes retention —
organizations should leverage an Information Governance solution with functionality that
provides the live, real-time capture of every message that falls under the rules of the
retention policy.

Use Technology to Enforce Retention Policies
To achieve the goals outlined in its email retention policy, an organization should implement
a robust, automated Information Governance solution capable of enforcing policy guidelines
across the business in an efficient, effective manner. Such a solution is the key to improving
legal hold management, speeding retention processes and maintaining an archive that
preserves necessary messages and purges non-essential emails as necessary. Information
Governance solutions should help simplify access to archived messages through rules to grant
permission by business classification, protect messages as corporate assets and make them
available to employees within similar roles.

Specifically, the optimal Information Governance solution should include:
• Granular retention capabilities that allow organizations to keep individual emails according
  to specific criteria
• Automatic email archiving that enables end users to access messages in a saved state
• Folders that streamline the storage and retrieval of important messages
• The ability to secure sensitive private information, such as social security numbers and
  medical records, to support HIPAA compliance
• Capabilities for eDiscovery, including the classification and search of emails and other
  electronic records
• Legal hold support that earmarks the specific emails that have been identified as evidence
  in litigation procedures




SECTION 3: BENEFITS

                                         Improving Email Management Policies Through Technology
                                         Enterprises that utilize an automated Information Governance solution to implement and
                                         manage a comprehensive email retention policy are better prepared to meet eDiscovery,
                                         compliance and knowledge management requirements — and promote more cost-effective
                                         email system performance and administrative activities.

                                         Specifically, Information Governance technology helps organizations develop and maintain
                                         email retention policies that:

                                         Reduce eDiscovery Costs
                                         By helping to establish a granular email retention policy, an Information Governance solution
                                         gives organizations instant access to the messages needed to meet specific regulatory, legal
                                         and eDiscovery requirements — and decreases the time and costs associated with manually
                                         searching archives, as well as the time spent in review, the most expensive phase of
                                         eDiscovery.

                                         Improve Regulatory Compliance
                                         Information Governance solutions help organizations verify that their retention policies address
                                         the requirements of industry regulations, greatly improving opportunities to comply with such
                                         initiatives as SOX, FINRA and HIPAA.

                                         Reduce the Risk of Sanctions
                                         By implementing and documenting uniform, consistent retention policies, Information
                                         Governance solutions help organizations preserve records that may be used in court
                                         proceedings and reduce the risk of sanctions for the illegal destruction or alteration
                                         of evidence.

                                         Improve IT Performance Without Increasing Costs
                                         An Information Governance solution provides organizations with the ability to develop a
                                         streamlined, cost-effective message archive that automates retention and disposition and
                                         leverages existing IT assets — reducing the need to add new servers, storage systems and
                                         maintenance personnel.

                                         Enhance Data Access
                                         With policy-based functionality that verifies that data is retained according to business
                                         classification, protected as a corporate asset and made available to employees with common
                                         roles and user profiles, an Information Governance solution helps to improve data access
                                         across the organization.




SECTION 4

                         Conclusions
                         Given the heightened emphasis placed on the preservation and security of electronic assets,
                         organizations across all industries are under increasing pressure to develop and implement a
                         robust, comprehensive email retention policy that complies with various legal and regulatory
                         bodies. Bolstering such a policy with an automated Information Governance solution enables
                         enterprises to more efficiently and cost-effectively store and locate emails for eDiscovery,
                         litigation, compliance and knowledge management purposes. In doing so, they are able to
                         optimize their message archival and deletion processes, while simultaneously:
                         • Improving system performance
                         • Strengthening data availability
                         • Reducing maintenance costs
                         • Minimizing the risk of legal penalties or sanctions


                         SECTION 5

                         References
                         “Information Governance: A Core Requirement for the Global Enterprise,”
                         Cohasset Associates, October 2007.

                         “Reducing the Load on Email Servers,”
                         Osterman Research, September 2007.

                         “Email Archiving Practices Survey of IT Professionals,”
                         Osterman Research, December 2007.



                         SECTION 6


                         About the Author
                         Eric Lundgren is Vice President of Technical Sales for the Information Governance Business
                         Unit at CA. He has a deep background in email management, eDiscovery and records
                         management. Currently, Eric is responsible for helping customers understand how they
                         can better address the legal, regulatory and operational challenges posed by diverse sources
                         of information, including email and electronic and physical records. Prior to working for CA,
                         Eric was Vice President of Product Strategy and Technical Sales for iLumin Software, a leading
                         email management, supervision and discovery software vendor.




CA (NSD: CA), one of the world’s leading independent,
enterprise management software companies, unifies and
simplifies complex information technology (IT) management
across the enterprise for greater business results. With our
Enterprise IT Management vision, solutions and expertise,
we help customers effectively govern, manage and secure IT.





10 Steps to Effective Email Retention Policy

  • 1. WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren I N FO R M AT I O N G OV E R N A N C E
  • 2. Table of Contents Executive Summary SECTION 3: BENEFITS 8 Improving Email Management Policies Through SECTION 1: CHALLENGE 2 Technology The Need to Better Manage Email Retention Reduce eDiscovery Costs Policies Improve Regulatory Compliance Litigation Readiness Reduce the Risk of Sanctions Regulatory Compliance Improve IT Performance without Increasing Knowledge Management Costs Balancing Retention with Costs and Enhance Data Acces Performance SECTION 4: CONCLUSIONS 9 SECTION 2: OPPORTUNITY 4 Developing and Implementing an Email SECTION 5: REFERENCES 9 Retention Policy Define an Email Policy SECTION 6: ABOUT THE AUTHOR 9 Eliminate the Variables Hindering Centralization Educate Employees About the Retention Policy Incorporate Relevant Regulations into the Retention Policy Identify Roles With Unique Retention Requirements Balance Retention Guidelines and Related IT Costs Provide Employees With Access to Archived Messages Ensure That Retention Policies Can Accommodate Legal Holds Validate That all Messages Are Archived Use Technology to Enforce Retention Policies Copyright © 2009 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. THIS DOCUMENT IS FOR YOUR INFORMATIONAL PURPOSES ONLY. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENT, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CA does not provide legal advice. 
Neither this document nor any software product referenced herein shall serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, standard, policy, administrative order, executive order, etc. (collectively, “Laws”)) referenced herein. The reader should consult with competent legal counsel regarding any such Laws.
  • 3. Executive Summary Challenge In order to address growing eDiscovery, compliance and knowledge management requirements, organizations must retain a greater number of emails than ever before. Yet with such a large percentage of internal and external business communications performed via email, this is becoming an increasingly difficult task — one with which many struggle to keep pace. What’s more, as the volumes of messages requiring retention grow, so too, do the related storage, retrieval and administrative costs. To address these challenges — and prepare for litigation and compliance reviews — enterprises need a standardized, policy- based email retention system that ensures all relevant messages are stored safely and in accordance with any pertinent industry laws and governing bodies. Opportunity Building a well-planned, enterprise-wide email retention policy helps establish uniform and consistent rules for all email and electronic records. Such a policy outlines email content, sets retention and deletion criteria and provides the flexibility to accommodate litigation holds and enable role-based user access. Leveraging a robust Information Governance solution also helps simplify the management of this process. The ideal solution should automate retention policy enforcement and task documentation, while providing an archiving and retrieval engine that streamlines an organization’s ability to locate messages for audits, litigation and eDiscovery in a timely and cost-effective manner. Benefits Using an automated Information Governance solution as the authority to manage an email retention policy enables organizations to meet eDiscovery, compliance and knowledge management requirements, while improving email system performance and reducing costs. 
Specifically, organizations can: • Reduce eDiscovery costs • Improve regulatory compliance • Reduce the risk of sanctions • Improve IT performance without increasing costs • Enhance data access WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 1
  • 4. SECTION 1: CHALLENGE The Need to Better Manage Email Retention Policies Faced with increasing regulatory scrutiny and tougher laws surrounding electronic content, organizations of all sizes — in every type of industry — must pay closer attention than ever before to the way they manage, store and archive email messages. As rich sources of business- critical intellectual property, electronic records must be protected by strong retention policies that identify which emails need preserving and for what duration. Moreover, such a policy must also include guidelines that enable the safe, timely removal of messages from production systems and assist organizations in deleting them upon the expiration of the retention lifecycle. However, in an age dominated by electronic business communication, developing robust, effective retention guidelines for email volumes that proliferate at an exponential rate often results in increased storage costs, poor system performance and difficulties locating specific archived messages. Despite these considerable challenges, email retention policies comprise a key piece of an enterprise-wide Information Governance framework, and as such, must be implemented in order for organizations to achieve the three important capabilities of: • Litigation readiness • Regulatory compliance • Knowledge management Litigation Readiness Today, litigation readiness is the biggest force driving the development of comprehensive email retention policies. With the passage of the December 2006 amendments to the Federal Rules of Civil Procedure (FRCP) — which list emails, instant messages, text messages, Microsoft Word documents, spreadsheets and other electronic assets among the business records that can be used as evidence — organizations are now legally obliged to possess formal eDiscovery processes that make all relevant electronic documents available for assessment and analysis early in the litigation process. 
With this new regulation, enterprises need to know all of their sources of electronic information in advance of litigation, including email servers and backup tapes, deleted or retired records and data stored at remote locations. Gaining visibility into the sources of data is crucial, as it helps organizations quickly institute litigation holds that mitigate the potential for intentional or negligent alteration or destruction of any electronic records — known as spoliation in legal proceedings — which can result in significant penalties and jeopardize the outcome of the case. Attempting to comply with these FRCP amendments and drive litigation readiness without an effective Information Governance system often results in high operating costs and an increased risk of penalties. In fact, according to a study by Cohasset Associates, American businesses annually spend between $2.5 million and $4 million on eDiscovery for every billion dollars in sales, making it a large uncontrolled expense that is exceeded only by the costs of healthcare1. Moreover, organizations that fail to meet FRCP rules can face sanctions for the illegal destruction or alteration of evidence, or even risk losing cases they would have otherwise won or favorably settled. 2 WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION
  • 5. Regulatory Compliance Meanwhile, the Sarbanes-Oxley Act (SOX), the Financial Industry Regulatory Authority (FINRA), the Health Insurance Portability and Accountability Act (HIPAA) and other regulatory mandates include strict guidelines about the preservation of electronic assets. In other words, these exacting criteria make email retention a key factor in achieving compliance. While the specific data subject to retention varies by authority, most require that all records directly pertaining to an organization’s business activity, including emails and other messages, be held for a predetermined amount of time. Exceptions to these regulations include spam and personal emails, though the latter can be requested during an investigation under certain circumstances. Knowledge Management An organization’s email records often contain valuable, proprietary information that is vital to the success and ongoing competitiveness of the business. Thus, retaining these messages and providing users with quick access to the information contained within can help to drive productivity and business innovation. Balancing Retention With Costs and Performance With email stores growing at an annual rate of 35 percent, keeping emails in online archives means that businesses must invest in additional physical storage space and hardware capable of maintaining performance under increased processing loads2. To combat the rising costs associated with email retention — while continuing to meet performance demands in production systems and comply with all legal and regulatory requirements — organizations need a way to identify non-essential messages that can be sent to offline storage or deleted. 
Managing Retention Through Policies and Automation However, because they lack the formalized policies that dictate which emails must be saved, which are not immediately essential to business needs and which can be deleted, many organizations struggle to make email retention a cost-effective core competency. In fact, in a study by the Osterman group, 53 percent of respondents said they lack such a policy3. What’s more, many of the world’s largest corporate messaging applications provide few resources to support compliance and retention operations. And without the right tools, organizations must manually search through individual inboxes and scour backup tapes to locate a specific email or attachment. At the same time, many outsourced backup companies charge a fee every time they are asked to locate and deliver archived messages — a process that can get quite costly as greater numbers of emails are requested. To achieve this crucial balance between costs and retention, organizations need to develop a carefully planned email retention policy and support it with a robust, comprehensive Information Governance solution. Leveraging technology to enable such a policy will ensure that all retention methodologies, responsibilities, procedures and timeframes are applied to each message and enforced on a consistent and uniform basis. In doing so, organizations improve their ability to demonstrate conformance to legal and regulatory initiatives, become well prepared for litigation and eDiscovery and increase cost efficiencies across the board. 1 “Information Governance: A Core Requirement for the Global Enterprise,” Cohasset Associates, October 2007. 2 “Reducing the Load on Email Servers,” Osterman Research, September 2007. 3 “Email Archiving Practices Survey of IT professionals,” Osterman Research, December 2007. WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 3
  • 6.

SECTION 2: OPPORTUNITY

Developing and Implementing an Email Retention Policy

To make email management procedures a cost-effective business asset, enterprises need to develop, actively enforce and audit comprehensive retention guidelines. These rules should specify consistent, enterprise-wide data archive windows and define permissions for who can access, change or delete messages, attachments and other records.

To this end, organizations should guide themselves through the process of developing, implementing, monitoring and auditing a comprehensive email retention policy using the following 10 steps:

1. Define an email retention policy
2. Eliminate the variables hindering centralization
3. Educate employees about the retention policy
4. Incorporate relevant regulations into the retention policy
5. Identify roles with unique retention requirements
6. Balance retention guidelines and related IT costs
7. Provide employees with access to archived messages
8. Ensure that retention policies can accommodate legal holds
9. Validate that all messages are archived
10. Use technology to enforce retention policies

Define an Email Policy

In order to fully understand its retention obligations, an organization must first have a clear understanding of the types of content it transmits electronically. To provide this insight, the email retention policy should specify:

• DOCUMENT TYPES employees can send via email, as well as the specific files, such as sensitive business contracts, that must be transmitted using a different method.
• CONTENT GUIDELINES defining what should or should not go into emails, including policies around what constitutes sexual harassment or other unacceptable language.
• ENFORCEMENT MEASURES and best practices that automatically scan for policy violations and designate an internal authority to periodically review content.
  • 7.

Eliminate the Variables Hindering Centralization

Without formal archiving guidelines and an automated system to manage the process, employees often save old messages and attachments on local storage systems, such as a PC hard drive. This lack of standardization makes tracking and protecting archived messages problematic. For example, a judge can request messages saved on personal archives during litigation and eDiscovery. But if an employee saves these on a hard drive, which then fails, the information is lost and the enterprise becomes vulnerable to legal and regulatory penalties around the spoliation of data.

Moreover, locating the necessary data on all local hard drives throughout a large organization is a difficult, time-consuming and expensive process that often fails to discover every message saved on a non-standardized source. To avoid the possibility that a missing message results in legal sanctions, email retention policies should include specific, centralized archiving methods that prohibit employees from saving messages in personal folders.

Educate Employees About the Retention Policy

Even though a formal email retention policy may be defined and in place, many employees may remain unaware that such guidelines exist. To ensure that archiving rules are followed across the enterprise, all employees must be trained on the policy and able to demonstrate that they understand content and storage procedures, as well as any rules restricting the use of personal folders. Moreover, education should:

• Detail the reasons why these rules are in place
• Offer instructions for using any supporting archiving technology
• Outline the consequences of non-compliance at both a business and personal level

Incorporate Relevant Regulations Into the Retention Policy

It is critical that all email retention policies incorporate the requirements of the mandates governing the industry in which an organization operates. There are many common regulations to consider.
SOX

SOX regulations apply to public companies across all industries and impose severe penalties on any business that deliberately alters or deletes documents in order to defraud customers or other third parties. To comply with SOX guidelines, companies must retain auditable emails for a minimum of five years from the end of their last fiscal years.

FINRA

FINRA rules demand that financial services firms establish formal, written policies and procedures that detail their email retention policies. After outlining these policies, a business must then demonstrate that all retention processes are in full compliance with FINRA guidelines.

HIPAA

HIPAA regulations apply to any email message or other electronic records that contain sensitive information about an individual’s medical history. The preservation period for a medical record is a minimum of five years, though some related statutes dictate that certain information be retained for the life of the patient.
  • 8.

BEYOND REGULATIONS

Although many regulations exist beyond the three listed above, all regulatory bodies — regardless of industry specificity — make meeting the following requirements a key aspect of compliance.

• DATA PERMANENCE, where data must be in its original state without being altered or deleted.
• DATA SECURITY, where all retained information must be protected against security threats, including access by unauthorized persons and any outside forces that could physically damage or endanger the availability of archived messages.
• AVAILABILITY, where organizations must prove that all emails subject to the retention policy can be easily accessed by authorized personnel in a timely manner.

Identify Roles With Unique Retention Requirements

Specific organizational roles have unique archiving requirements, which must be captured in the larger retention policy. For example, brokers at financial services firms are obligated to keep all of their electronic correspondence for up to six years. Likewise, in pharmaceutical companies, scientists or physicians who perform drug tests must keep test-related emails on hand for even longer, as these may contain highly sensitive information that can be requested as evidence in eDiscovery. Finally, it is common practice in most enterprises to save the emails of CEOs indefinitely, even after their tenures have ended.

Balance Retention Guidelines and Related IT Costs

Though there are many specific legal and regulatory guidelines around email retention, no court or compliance authority demands the archiving of every email ever sent or received. As a result, organizations should implement a retention policy that reduces the storage burden by ensuring that the emails essential to meeting compliance and litigation guidelines are saved, while those that are not needed are deleted.
By reducing storage through retention and deletion policies in line with legal and compliance mandates, IT can limit storage-related expenditures and streamline email administration tasks, which often comprise more than 40 percent of total IT support costs. In addition, this approach limits the amount of content requiring evaluation during the legal review phase of eDiscovery, further reducing costs.

Provide Employees With Access to Archived Messages

As enterprises establish overarching policies for archiving and deleting email messages, they must also verify that all employees have access to the electronic assets they need to carry out their business responsibilities. To support productivity, policies should establish rules that enable certain messages to be saved for personal communication, while allowing all other messages to be managed by the default retention strategy. These rules should also allow users to search for all archived email in both production and off-line storage systems, and in some cases, enable employees in similar roles to access messages owned by their coworkers.
  • 9.

Ensure That Retention Policies Can Accommodate Legal Holds

Email retention policies must be flexible enough to be suspended if a legal hold is necessary. For example, if an organization is anticipating legal action, it might choose to retain all emails in order to preserve the information that may be used as evidence during litigation. It is critical that policies accommodate legal holds, because courts can impose sanctions for the spoliation of any messaging content or electronic records that are relevant to a legal proceeding.

Validate That All Messages Are Archived

In order to comply with eDiscovery and litigation mandates, businesses must confirm and demonstrate that all emails are captured and subject to the retention policy. To support this critical goal — and eliminate the possibility that information escapes retention — organizations should leverage an Information Governance solution with functionality that provides the live, real-time capture of every message that falls under the rules of the retention policy.

Use Technology to Enforce Retention Policies

To achieve the goals outlined in its email retention policy, an organization should implement a robust, automated Information Governance solution capable of enforcing policy guidelines across the business in an efficient, effective manner. Such a solution is the key to improving legal hold management, speeding retention processes and maintaining an archive that preserves necessary messages and purges non-essential emails as necessary.

Information Governance solutions should help simplify access to archived messages through rules to grant permission by business classification, protect messages as corporate assets and make them available to employees within similar roles.
Specifically, the optimal Information Governance solution should include:

• Granular retention capabilities that allow organizations to keep individual emails according to specific criteria
• Automatic email archiving that enables end users to access messages in a saved state
• Folders that streamline the storage and retrieval of important messages
• The ability to secure sensitive private information, such as social security numbers and medical records, to support HIPAA compliance
• Capabilities for eDiscovery, including the classification and search of emails and other electronic records
• Legal hold support that earmarks the specific emails that have been identified as evidence in litigation procedures
  • 10.

SECTION 3: BENEFITS

Improving Email Management Policies Through Technology

Enterprises that utilize an automated Information Governance solution to implement and manage a comprehensive email retention policy are better prepared to meet eDiscovery, compliance and knowledge management requirements — and promote more cost-effective email system performance and administrative activities. Specifically, Information Governance technology helps organizations develop and maintain email retention policies that:

Reduce eDiscovery Costs

By helping to establish a granular email retention policy, an Information Governance solution gives organizations instant access to the messages needed to meet specific regulatory, legal and eDiscovery requirements — and decreases the time and costs associated with manually searching archives, as well as the time spent in review, the most expensive phase of eDiscovery.

Improve Regulatory Compliance

Information Governance solutions help organizations verify that their retention policies address the requirements of industry regulations, greatly improving opportunities to comply with such initiatives as SOX, FINRA and HIPAA.

Reduce the Risk of Sanctions

By implementing and documenting uniform, consistent retention policies, Information Governance solutions help organizations preserve records that may be used in court proceedings and reduce the risk of sanctions for the illegal destruction or alteration of evidence.

Improve IT Performance Without Increasing Costs

An Information Governance solution provides organizations with the ability to develop a streamlined, cost-effective message archive that automates retention and disposition and leverages existing IT assets — reducing the need to add new servers, storage systems and maintenance personnel.
Enhance Data Access

With policy-based functionality that verifies that data is retained according to business classification, protected as a corporate asset and made available to employees with common roles and user profiles, an Information Governance solution helps to improve data access across the organization.
  • 11.

SECTION 4: CONCLUSIONS

Given the heightened emphasis placed on the preservation and security of electronic assets, organizations across all industries are under increasing pressure to develop and implement a robust, comprehensive email retention policy that complies with various legal and regulatory bodies. Bolstering such a policy with an automated Information Governance solution enables enterprises to more efficiently and cost-effectively store and locate emails for eDiscovery, litigation, compliance and knowledge management purposes. In doing so, they are able to optimize their message archival and deletion processes, while simultaneously:

• Improving system performance
• Strengthening data availability
• Reducing maintenance costs
• Minimizing the risk of legal penalties or sanctions

SECTION 5: REFERENCES

“Information Governance: A Core Requirement for the Global Enterprise,” Cohasset Associates, October 2007.
“Reducing the Load on Email Servers,” Osterman Research, September 2007.
“Email Archiving Practices Survey of IT Professionals,” Osterman Research, December 2007.

SECTION 6: ABOUT THE AUTHOR

Eric Lundgren

Eric Lundgren is Vice President of Technical Sales for the Information Governance Business Unit at CA. He has a deep background in email management, eDiscovery and records management. Currently, Eric is responsible for helping customers understand how they can better address the legal, regulatory and operational challenges posed by diverse sources of information, including email and electronic and physical records. Prior to working for CA, Eric was Vice President of Product Strategy and Technical Sales for iLumin Software, a leading email management, supervision and discovery software vendor.
  • 12.

CA (NSD: CA), one of the world’s leading independent, enterprise management software companies, unifies and simplifies complex information technology (IT) management across the enterprise for greater business results. With our Enterprise IT Management vision, solutions and expertise, we help customers effectively govern, manage and secure IT.