Getting smart about email compliance

By Mark Bentkower July 3, 2014

Organisations are faced with stricter external and internal regulatory requirements
New tools allow them to establish and implement external email archiving strategy

Getting smart about email compliance IN today’s business environment, where messaging data continues to grow at exponential rates, the need for archiving is more important than ever.

In Asia Pacific, 72% of organisations rate the exponential growth and increasing complexity of data as one of their top data management challenges, according to the CommVault/ IDC Smart Data Management in the Third Platform Era report.

Organisations are not only becoming aware of the importance of archiving data sources, but also the need to make it easier for users to locate that data in the future – regardless of their location.

It has become increasingly complicated for organisations to manage these high volumes of corporate data internally. Faced with stricter external and internal regulatory requirements, much of which is increasingly relevant to email compliance, organisations are beginning to turn away from legacy infrastructure toward smarter compliance tools.

This new generation of tools include sophisticated high quality indexing storage solutions to establish and implement an external email archiving strategy.

In today’s business environment, where messaging data continues to grow at exponential rates, here are three important factors that IT decision makers should consider if they are to get smart about email compliance and transform a once rocky relationship into a blissful romance.

1) Develop an effective archiving strategy

Given the rise of social networking platforms and instant messaging, it’s somewhat surprising that email still remains the primary channel for corporate communication.

Users tend to consider their mailbox as a storage facility, and therefore demand access to all of their emails, at all times. This presents an additional challenge for organisations, most of which are also obliged to implement external email compliance measures.

This ultimately increases the need for sophisticated email compliance tools, such as search and sampling, which require high quality indexed storage.

In this new age of data storage, where greater value and longer protection is afforded to information, organisations should look to design and deploy an IT infrastructure that is able to support a comprehensive data management strategy.

In establishing this data management and compliance strategy, IT decision makers should consider an archiving solution to help reduce storage costs and reduce backup windows. Info-Tech Research guidelines suggest this is particularly so of organisations with at least two regulatory bodies governing the business.

Modern email archiving tools operate with increasing intelligence and efficiency. Larger organisations can opt for solutions that can scale according to aggressive RTO/ RPO (recovery time/ point objective) requirements and are capable of addressing higher risk profiles.

Once email information is archived, solutions with built-in storage analytics can determine how this information is both archived and disposed of.

Both end-users and IT can benefit from this indexed archive data. Discovery of key words and dates can lead to the creation of rules-based automation, where a consistent set of rules can be applied to all archived content.

In some verticals, such as e-commerce, emails are often the only transaction record. For these organisations, records management capabilities are paramount.

Advanced email archiving solutions answer this need, and can provide a single system of record that can be integrated into the wider transaction database.

2) Align strategy to legal requirements

In addition to internal organisational compliance, organisations must also contend with continuously evolving external regulatory requirements.

Regardless of industry or sector, any corporate information generated within an organisation may be subject to regulatory or litigation requests – corporate emails included. The risks of non-compliance are significant, and can lead to legal, financial and reputation damage.

Organisations need to develop solid plans for the reliable retention of enterprise controlled information.

IT decision makers need to understand the organisation’s business requirements in order to set the correct retention policies.

However, without knowing the business’ legal needs, how can IT do its job? IT departments cannot be expected to be the compliance experts within an organisation.

The role of IT should be to provide technical guidance in email compliance and larger data management regulatory issues, documenting and codifying information governance policies, creating rules in the system, and selecting the most efficient deployment system for achieving corporate objectives.

Different vertical organisations will find that their strategy meets different legal requirements. For example, the banking, healthcare and finance sectors have complex regulatory environments which require precise collection procedures.

Automated e-discovery processes can serve to effectively satisfy these prescribed information requests. By building e-discovery into the email archiving solution, internal IT and legal departments can align and operate together more efficiently, saving both time and money in attending to these information requests.

3) Invest in purposeful, efficient, training

Finally, if enterprises are to fully utilise email archiving benefits, they must be willing to invest in proper training.

When it comes to email compliance, archiving solutions can provide untold benefits, but only when users are confident in their capacity to use it. Many vendors offer training, either as an option or as part of the implementation of the software.

However, it largely falls to IT departments to make the key decisions of when and who to train.

It’s a given that IT staff should receive training, but IT should look beyond training its own teams. Helpdesk and compliance staff should have some understanding to create legal hold processes when litigation is anticipated, to maximise search benefits, and export information for legal presentations.

When compliance officers are trained on administrative controls and procedures, and are confident of performing basic search and recovery operations independently, this frees up the IT department to focus on driving key business objectives.

Additionally, enterprises must consider when training takes place. There are ways to introduce efficient training of email archiving solutions, avoiding costly training mistakes – where the time of seasoned technicians is taken up ‘mentoring’ IT newbies.

Scheduling the archive solution training immediately before an e-discovery request is due, for example, can minimise bottom line impact.

Getting smart about email compliance The increasing operational complexity of email management, rising costs combined with flat budgets, as well as regulatory rigour, are raising the bar for email compliance, making email archiving inevitable for most organisations.

Email archiving serves as a means of owning and managing the flow of information, both into and out of the organisation. In the modern data landscape, auditability is an increasing compliance driver – not just relatable to emails, but also to the growing volumes of structured and unstructured data generated.

Organisations must be able to make this information identifiable and available at any time to satisfy internal and external requests, or face the consequences.

Hence, it is more important now than ever for companies to have a well-thought out archiving strategy. Organisations have to get smart about email compliance and implement an efficient solution that can secure intellectual property, prevent harassment and protect the corporate brand.

An efficient solution should also allow companies to reduce cost, and negate the risks associated with electronic communications as well as general corporate data.