Archiving for Compliance

By | August 2, 2006

Email is here to stay, volumes are going up and without management, it can be a real threat to your organisation’s future. It is not just the large companies who are at risk, companies of 10 employees may need archiving just as much. Email retention is about meeting your objectives – whether driven by internal e-policies or external regulations, and adding processes and the right mix of technology.

The following represent some of the points you need to cover when implementing a compliance solution. As there are many different laws and regulatory requirements you will need to define what is important to your implementation.

STEP ONE

Establish your data retention requirements. This should include talking to representatives across all business areas and includes identifying any legislation and motivation for compliance archiving. Also, consider internal selective email retention requirements, the required media type and whether there is need for tamper-proof assurance. The retention period(s) for data must be established and whether the data needs to be destroyed or merely expired after completion of the retention period. Retention periods may vary by department.

STEP TWO

When an organisation deploys an application to assist with compliance adherence, it is necessary to take away end-user decisions and involvement to ensure that the correct data is retained. Users cannot be expected to make decisions based on factors they may not understand. Therefore the correct archiving strategy is to identify the users who need to adhere to data retention legislation and to archive ALL of their email data. Where organisations are not sure to which group of users this is, it’s then better to archive all user data. Most legal systems do not accept missing data as a form of defence.

STEP THREE

Pick the appropriate storage media for the short and longer term. Investigate the compliance requirements for duplicating the media and whether the media needs to be stored in separate locations. Some email archiving products can be used with a storage manager to write to non-rewritable non-erasable media.

STEP FOUR

Retention periods and repositories are key to the effectiveness of your archiving solution in terms of manageability and of its ongoing ROI. The ability to set varied retention and deletion periods per archive repository provides crucial flexibility over time and cost-effectiveness with regard to storage. The ability to create different archive repositories should reduce your storage costs, increase the flexibility of the solution and ease the management task in understanding the solution? If retention in repositories can override the default then the flexibility and effectiveness of the solution will increase.

STEP FIVE

Evaluate, select and implement the email archiving product. You will need to involve all aspects of management to ensure that the compliance project is an organisation-wide activity. Remember that email is not just any company record – weaknesses in solutions that have not been built for email volumes and speed should become apparent at evaluation.

STEP SIX

Understand the processes in implementation. Think about how much data you have to archive. If you are to archive data that has built up over many years it isn´t going to get archived overnight. Take advice from your supplier on how best to approach this. If they can´t offer advice, think again about your choice of supplier. Experience is important. And one point to make. Do NOT archive the largest mailboxes first. Get your policies right, gain experience with your product. Develop a plan to address your corporate system.

STEP SEVEN

The role of backup of the archive must not be underestimated; this still requires disaster recovery planning. Your disaster recovery plan should allow for restoration of the full archiving services post a catastrophic failure. Back-up should, at a minimum, allow you to rebuild the storage manager and its configuration databases.

Leave a Reply