Docstoc

CreatinganEffectiveEmailPolicy4-16-09

Document Sample
CreatinganEffectiveEmailPolicy4-16-09 Powered By Docstoc
					   Creating an Effective
       Email Policy

Jesse Wilkins
April 16, 2009
                 Central Missouri Chapter
    ELEMENTS OF AN EMAIL
    POLICY
2
Email policy
• Critical requirement for effective
  governance
• Provides broad policy statements
• Should be included in broader
  communications or IT policy
• Lots of references and
  examples available

3
Email policy elements
• Every organization’s email policy will be
  different
    – Public vs. private sector
    – Regulatory requirements, both horizontal and
      vertical
• There are some common areas that
  should be addressed


4
Policy elements
•   Purpose
•   Scope
•   Definitions
•   Policy statements
•   Procedures
•   Responsibilities
•   References

5
Purpose and scope
This policy has three purposes:
1. Establish definitions relevant to the email
   management program
2. Describe usage policies relating to email
3. Describe security and technology policies
   relating to email


Scope: This policy is applicable to the entire
  enterprise.
6
Definitions
• Uncommon terms
• Common terms used in an uncommon
  fashion
• Acronyms and abbreviations




7
Acceptable usage
• Most common element of email policies
  today
• Typically addresses things NOT to do:
    – Obscene language or sexual content
    – Jokes, chain letters, business solicitation
    – Racial, ethnic, religious, or other slurs
• May address signature blocks
    – Standardization, URLs, pictures
8
Effective usage
• Guidance on writing emails
    – Wording and punctuation
    – Spell check and grammar check
    – Effective subject lines
• Guidance on email etiquette
• Guidance on addressees



9
Personal usage
• Whether personal usage is allowed
• Any limitations to personal usage
• Separation of personal and business
  usage within individual messages
• Personal email account access




10
Ownership and stewardship
• Whether email is considered to be owned
  by the organization
• Responsibility for stewardship of
  messages, both sent and received
• Privacy and monitoring
• Third-party access



11
Retention and disposition
• Email is a medium, not a record type or
  series
• Email messages can be records
     – Subject to open records/FOIA, discovery, etc.
• Other information objects can be records
     – Calendars
     – Read receipts/bounces


12
Legal issues
• Email can be subject to discovery
• Assigns responsibility for communicating
  legal holds
• Describes whether or not email
  disclaimers will be used and how
• May outline privilege issues



13
Encryption and digital signatures
• Outlines whether encryption is allowed
     – What approaches available for encryption
• Whether digital signatures are allowed
     – What approaches to use




14
Mobile and remote email
• Most often found as part of general
  policies for remote workers
• Requirements for mobile
  devices
• Requirements for web-based
  access
• Synchronization and
  login requirements
15
Archival
• Addresses whether email will be archived
• Addresses whether personal archives will
  be allowed
• May address backups – but backups are
  not archives




16
Security
• Attachment limitations
     – Whether they can be
       sent at all
     – Size limitations
     – Content type limitations
• Attachments vs. links
• Content filtering
• Encryption and DRM
17
Procedures
• Detailed instructions for complying with
  policies
• Each of the policy statements will have
  one or more procedures
• May be specific to process, business unit,
  jurisdiction, application



18
Responsibilities
• Responsibilities for policy development
  and maintenance
• Responsibilities for compliance with policy
     – Managers
     – Users
     – Specialist staff




19
References
• List any references used
  to develop the policy
     – Internal strategic
       documents
     – Records program
       governance instruments
     – Publications



20
     DEVELOPING
     THE EMAIL POLICY
21
The policy framework
• Approach to developing and implementing
  a policy
• Ensures that policy development is
  consistent with organizational goals
• Ensures that policy meets legal and
  regulatory requirements



22
1. Get management support
• Policy development requires time and
  energy from users and stakeholders
• So does policy implementation
• Ongoing compliance will require
  auditing and communication
• None of this happens without
  management support

23
2. Identify stakeholders
• Policy should address the entire enterprise
• Stakeholders should include:
     – Business unit managers
     – End users
     – Legal, RM, IT
     – External customers and partners




24
3. Identify the goals of the policy
• What changes are being introduced?
     – Processes, technologies
• What are the desired outcomes?
• What behavioral changes should result?




25
4. Conduct the research
• Legal research
• Organizational research
• Public research
     – Standards and guidelines
     – Benchmarking
• Consult with similar
  organizations
• Analyze the results
26
5. Draft the policy
• Collaborative and iterative process
• There are a number of resources available
  to provide an email policy framework
• These are starting points
  and need to be customized
  for your requirements


27
6. Review the policy
• Review by legal, HR, users
• Ensures it is valid
• Ensures it will work within existing
  organizational culture
• Change management




28
7. Approve the policy
• Policy is reviewed by business managers,
  senior management
• Complete revisions as necessary
• Approve the policy




29
8. Implement the policy
• Communication
• Training
• Auditing




30
    9. Once the policy is live
• Monitor for compliance with policy
• Solicit feedback about policy
• Provide refresher training as required
• Consider whether to retain
  previous versions of the policy
• Plan for periodic review and maintenance


31
Questions?




32
For more information
Jesse Wilkins, ermm, emmm, ecmm
Access Sciences Corporation
(303) 574-0749 direct
jwilkins@accesssciences.com
http://informata.blogspot.com
http://www.accesssciences.com/blogs
Twitter: jessewilkins

33

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:6/25/2011
language:English
pages:33