Docstoc

SymantecEmailArchiving

Document Sample
SymantecEmailArchiving Powered By Docstoc
					   SearchExchange.com
                                                    INSIDE
                                               • 03 What is the
chapter 2 defining an email-archiving policy        purpose of an
                                                    email-archiving
                                                    policy?



Email archiving:
                                               • 04 What qualifies
                                                    as acceptable
                                                    use?

                          Planning,            • 07 Email
Implement and
enforce how
                        policies and                management
                                                    and retention

users manage                product            • 09 Staff roles and


                          selection
                                                    responsibilities
and retain
their electronic
messages with
a comprehensive
policy on
email archiving




                                                                       
chapter 2 Defining an email-archiving policy



  chapter 2
   Defining an email-archiving policy




Q
     by Kathryn Hilton
                                                                                             Defining and
               uestionable email deletions continue to grab head-                            archiving email
               lines as well as the attention of courts and litigators.                      business records
               Because of the uncertainty that still surrounds the use                       is one of the
               of email, it’s absolutely necessary in today’s business                       most important
               environment to define, implement and enforce an email-                        policy concerns
               archiving policy.                                                             for any company
                  Forty-three percent of corporations have an email-                         that is subject
     retention policy in place, but only 12% use an archiving tool to                        to regulatory
     manage retention and policy compliance, according to Osterman
                                                                                             compliance
     Research Inc., a market research firm based in Black Diamond,
                                                                                             requirements
     Wash. Many businesses still operate under the misconception
     that backing up their data constitutes an archive. Many also
                                                                                             and e-discovery.
     rely on the risky assumption that users correctly manage and
     save their own business records. Without set policies and
     procedures for archiving email, businesses face risks and penalties
     that can be severe.
                                                                                                                   

     Page 1 | Contents     What is the purpose of     What qualifies as   Email management      Staff roles and
                         an email-archiving policy?   acceptable use?       and retention       responsibilities
chapter 2 Defining an email-archiving policy



     What is the purpose of an email-archiving policy?

     The vast majority of infor-                  archiving project require a            receive email messages and at-
     mation created today is sent                 steering committee to repre-           tachments in all regions of the
     and received in electronic for-              sent all the interests of a com-       world where the company does
     mat. The estimated number of                 pany. The email-archiving pol-         business. The policy should also
     non-spam email messages sent                 icy should be a component of           include other personnel, such
     worldwide on a daily basis is 25             an overall records management          as contractors and consultants.
     billion, according to Ferris Re-             program with its own record-re-        It should also address trans-
     search, a San Francisco-based                tention policies and procedures        actional information, such as
     research firm that specializes               that dictate which emails and          email headers, summaries and
     in messaging and collaborative               attachments to save, how long          addresses.
     technologies.                                to save them and when to de-              Companies should establish
        The typical number of email               lete them.                             email policies and procedures
     messages sent and received                      In addition, an email-ar-           for users that contain guide-
     by the average business user is              chiving policy should reference        lines covering acceptable and
     600 per week, said Ferris Re-                and reinforce other corporate          unacceptable use of email, data
     search. An email-archiving poli-             policies such as IT policies on        privacy, email management
     cy can help control and manage               acceptable use and security,           and retention, and penalties for
     the unending flow of informa-                HR policies relating to code of        noncompliance.



                                                                                     s
     tion by addressing regulatory                conduct, and legal policies and
     compliance, litigation readiness,            procedures regarding litigation
     productivity issues as well as               hold or e-discovery.                      The email-archiving policy should
     general business needs.                         When evaluating the scope              be a component of an overall
        As mentioned in Chapter ,                of an email-archiving policy,             records management program
     developing an email-archiving                companies should consider                 with its own record-retention
     policy and a successful email-               all users who create, send or             policies and procedures.
                                                                                                                                

     Page 1 | Contents     What is the purpose of        What qualifies as      Email management          Staff roles and
                         an email-archiving policy?      acceptable use?          and retention           responsibilities
chapter 2 Defining an email-archiving policy



     What qualifies as acceptable use?
                                                  Defining the terms of acceptable use offers guidelines and
     All companies should                         requirements for personal use, security concerns and confidential
     have an official IT                          information:
     acceptable-use policy to                     • Personal Use Remind users to exercise good judgment for rea-
     provide guidelines for                       sonable personal use of email. Incidental or occasional personal use
                                                  of email for non-business purposes is generally acceptable. Users
     the usage of computer                        should know, however, that personal information -- such as personal
     equipment, network                           financial transactions -- could be inadvertently captured in the email
                                                  archive. Users must understand the implications of this when using
     resources, applications,                     email for personal purposes.
     Internet systems and                            Users must also be advised about business communications that
                                                  are sent over personal email. A 2006 survey by Osterman Research
     email. The email-                            found that more than 16% of employees regularly communicate about
     archiving policy should                      business issues using their personal email accounts. Outside of a
                                                  complete ban on personal email, an acceptable-use policy must en-
     refer to the acceptable-                     courage users to carbon-copy to their corporate account any personal
     use policy and expand                        email containing business information.
     upon the areas                               • secUrity concerns Caution users about security issues. At-
     specifically related to                      tachments, for example, may contain viruses or other potentially
                                                  malicious programs.
     email use.
                                                  • confiDential information Provide rules for sending confi-
                                                  dential information using tools such as encryption software.
                                                    The unacceptable-use policy should give users guidelines and re-
                                                                                                                           

     Page 1 | Contents     What is the purpose of        What qualifies as      Email management        Staff roles and
                         an email-archiving policy?      acceptable use?          and retention         responsibilities
chapter 2 Defining an email-archiving policy



     quirements prohibiting the following uses of email:
     • Sending unsolicited junk mail, advertising or mass mailings                            Any business
     • Using email for any form of harassment, including those that contain
       any indecent or obscene materials                                                      record, including
     • Creating or forwarding chain letters or other pyramid schemes                          email, may
     • Sending email with inappropriate content, including content that is
       discriminatory, defamatory or threatening. Discriminatory content
                                                                                              be subject
       includes references to sex, race, age, disability or religious beliefs                 to discovery
                                                                                              proceedings and
     •PST FileS The acceptable-use policy should also state whether
     users can create PST files to store email messages. Some email-ar-
                                                                                              legal actions.
     chiving products impose quota restrictions to limit mailbox size.
     These restrictions often force users to create offline PST files to man-



                                                                                        s
     age and reduce their mailbox size. On the other hand, allowing PST
     files could create difficulties for e-discovery search-and-collection
     efforts and may ultimately increase e-discovery costs if the official
                                                                                                   Allowing PST
     archive does not include all email.                                                           files could create
                                                                                                   difficulties for e-
     •DaTa Privacy Companies must monitor the data-privacy laws                                    discovery search-
     within all countries in which they conduct business.                                          and-collection efforts
       Employers have wide-ranging latitude to monitor and access em-                              and may ultimately
                                                                                                   increase e-discovery
     ployee email that is sent or received with or without employee knowl-
                                                                                                   costs if the official
     edge or consent. The email-archiving policy should clearly tell em-                           archive does not
     ployees that:                                                                                 include all email.
     • They should not expect privacy when using company resources for email.
     • Any business record, including email, may be subject to discovery
       proceedings and legal actions.
     • Deleted email usually can be recovered and then used in a legal action.
                                                                                                                               

     Page 1 | Contents      What is the purpose of     What qualifies as        Email management            Staff roles and
                          an email-archiving policy?   acceptable use?            and retention             responsibilities
All content and no discovery?




Lost in a maze of unmanageable content? Find your way out with Enterprise Vault. It’s a flexible archiving framework that
enables the discovery of content within email, file system and collaborative environments. Reduce costs. Simplify management.
Put your discovery fears behind you at www.symantec.com/compliance                                                           BE FEARLESS.   
Copyright ©2005 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo and Enterprise Vault are trademarks
or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.
chapter 2 Defining an email-archiving policy



     Email management and retention

     Companies should decide                      Understanding a company’s              properly identify, manage and
     how to implement and enforce                 corporate culture helps deter-         retain their own email can drain
     email management and re-                     mine the correct options as well       corporate productivity. If users
     tention. The email-archiving                 as the necessary amount of             do not follow directions, the
     policy must clearly state how                supervision and support.               company can face considerable
     and where email records will                   For manual procedures, in-           legal risk.
     be managed, protected and                    clude step-by-step email-re-              Because of this risk factor,
     retained according to the cor-               tention instructions for users.        more and more companies are
     porate retention policy and                  These instructions cover or-           adopting automated products
     schedule. The options generally              ganizing, storing, maintaining,        for a consistent, documented
     include automated email-ar-                  accessing and deleting email.          and enforceable means of
     chiving systems, manual pro-                 Include user training to ensure        managing email. For an auto-
     cedures or some mix of manual                policy enforcement. Compa-             mated email-archiving solu-
     and electronic systems and                   nies must remember, however,           tion, provide an overview of the
     processes. Each option has its               that even with education and           hardware and software environ-
     advantages and disadvantages.                training, relying on users to          ment, the location of the email
                                                                                         servers, the determination of
                                                                                         whether or not a journaling or
     Relying on users to properly identify,                                              batch process is being used,
     manage and retain their own email can                                               and the backup or data-recov-
                                                                                         ery processes that are in place
     drain corporate productivity.                                                       for the archive.
                                                                                            The email-archiving tool can
                                                                                         define record-retention periods
                                                                                         for email. The amount of flex-
                                                                                                                            

     Page 1 | Contents     What is the purpose of        What qualifies as      Email management         Staff roles and
                         an email-archiving policy?      acceptable use?          and retention          responsibilities
chapter 2 Defining an email-archiving policy



     ibility and number of options                avoiding the archiving of junk         email-archiving policy must
     vary by vendor and product.                  mail or irrelevant content             provide instructions on how to
     The tool should document how                                                        handle information so it is not
     it assigns retention periods,                Warning users about flagged            automatically deleted during
     such as by department, key                   items of concern                       or after the standard reten-
     words or individual names.                                                          tion period. Exceptions can
     Available features and options               applying transparent end-user          be handled by electronic or
     can include:                                 management by company,                 manual processes. Email that
                                                  department or user                     qualifies as an exception can be
     automatically classifying                                                           electronically moved or saved
     and archiving email based on                    An email-archiving policy           in a folder on a shared server as
     content and metadata                         should explain how it handles          long as the data on the server is
                                                  exceptions to retention set-           managed according to a corpo-
     implementing retention                       tings. For example, a user may         rate record-retention schedule.
     policies based on attachment,                receive an email that should           Users may also print out emails
     message, folder, age, size and               be retained for a long time — a        and file the paper copies.
     keyword                                      legal contract, for example. An

     enabling granular retention

     logically combining criteria to              An email-archiving policy must provide
     include or exclude information               instructions on how to handle information so
                                                  it is not automatically deleted during or after
     applying different retention
     standards for different users or             the standard retention period.
     folders


                                                                                                                             

     Page 1 | Contents     What is the purpose of        What qualifies as      Email management         Staff roles and
                         an email-archiving policy?      acceptable use?          and retention          responsibilities
chapter 2 Defining an email-archiving policy



     Staff roles and responsibilities

     To ensure compliance,                        create an email-archiving policy that defines the roles and respon-
                                                  sibilities of users, managers, it staff, records management staff and
     provide managers and                         the legal department in managing and enforcing the policy:
     users with training
                                                  emPloyees Distribute a copy of the policy for all employees, includ-
     and support. Users                           ing contractors and consultants, to read and sign. Include an acknowl-
     should understand                            edgement stating that they understand the policy and agree to com-
                                                  ply with it.
     what a business record
     is and how to use the                        managers Managers must ensure that they and their employees
                                                  manage email records in accordance with the policy.
     email-archiving tool
     to manage and access                         it staff The IT department supports the email-archiving tool. The
                                                  IT department also sets the retention and disposition periods within
     their records.                               the archiving tool to ensure policy compliance.

                                                  recorDs management staff The records management staff
                                                  gives and collects input on changes to the policy. The records man-
                                                  agement staff also enforces compliance and usually conducts em-
                                                  ployee and manager training as well.

                                                  legal DePartment staff The legal department staff reviews and
                                                  updates the email-archiving policy.


                                                                                                                           

     Page 1 | Contents     What is the purpose of        What qualifies as      Email management        Staff roles and
                         an email-archiving policy?      acceptable use?          and retention         responsibilities
chapter 2 Defining an email-archiving policy




     Users must know that violating either                           Establish a procedure for documenting the
                                                                     changes to the email-archiving policy. Include
     legal or company email policies can                             references to other related policies that require
     lead to penalties. Companies, in turn,                          updating based on changes to the email-archiving
                                                                     policy.
     should create an internal audit process                            Review the email-archiving policy annually to en-
     to document and enforce compliance.                             sure compliance with new regulations or changes
                                                                     to any old regulations. Ideally, a review committee
     aUDiting Make compliance mandatory for all                      evaluates changes and signs off on all approvals.
     users and include compliance in an internal audit               The review committee should include represen-
     review.                                                         tatives from the legal department, the human
                                                                     resources department, the records management
     Violations anD Penalties Let users know                         department and the IT department.
     that abusing email policies can lead to corrective                 Provide an appendix that defines all relevant
     actions, including termination of employment.                   terms in the policy document. Definitions should
                                                                     include business records, retention periods, transi-
                                                                     tory records and convenience copies.
                                                                        Email is an essential business communication
     Review the email-archiving policy                               tool. A clear, easily understandable policy will help
                                                                     all employees use email appropriately. Defining
     annually to ensure compliance                                   and archiving email business records should be
     with new regulations or changes                                 one of the most important policy concerns for any
     to any old regulations.                                         company that is subject to regulatory compliance
                                                                     requirements and e-discovery. Successful retention
                                                                     and archiving of email has now become a differen-
                                                                     tiator in both the courtroom and the boardroom.
                                                                                                                             0

     Page 1 | Contents     What is the purpose of     What qualifies as         Email management         Staff roles and
                         an email-archiving policy?   acceptable use?             and retention          responsibilities
© 2007 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and Enterprise Vault are registered trademarks of Symantec Corporation.




                                                                                                                                                         
chapter 2 Defining an email-archiving policy



     Additional resources                                                   About the author
     from Symantec
                                                                            Kathryn Hilton has worked in
                                                                            technology for more than 20 years
     Learn more about                                                       as an industry analyst for Gartner
     Symantec Enterprise Vault                                              Group and for several large storage
     Symantec Enterprise Vault 7.0 provides a                               companies. Hilton received a
     software-based intelligent archiving platform                          bachelor of arts degree in business
     that stores, manages and enables discovery of                          economics from the University of
     corporate data from email systems, file server                         California, Santa Barbara, and
     environments, instant messaging platforms and                          a master’s degree in business
     content management and collaboration systems.                          administration from the University of
                                                                            Colorado Leeds School of Business.
           for a variety of white papers,                                   She is currently a senior analyst for
           case studies, testimonials                                       policy at Contoural Inc., a provider of
           and more, click here.                                            business and technology consulting
                                                                            services that focuses on litigation
                                                                            readiness, compliance, information
                                                                            and records management, and data
                                                                            storage strategy.

                                                                                                                       

     Page 1 | Contents      What is the purpose of     What qualifies as   Email management         Staff roles and
                          an email-archiving policy?   acceptable use?       and retention          responsibilities

				
DOCUMENT INFO
Shared By:
Categories:
Tags: White, Paper
Stats:
views:35
posted:4/3/2008
language:English
pages:12