Archiving for Compliance

By | August 2, 2006

It should also include the configuration information files for your email archiving product, and its operational indexes.

STEP EIGHT

Ensure that access to the archived data is secure. Check that only the users you intend to have access are truly the only ones with access. Administrator’s operational errors from the past, due to pressures of work, or unclear instructions frequently leave compromise mailbox security. This may seem minor and boring, but compliance by ensuring data access integrity is just as important as archiving in the first place.

STEP NINE

Establish procedures and ensure only authorised staff have access to archive management consoles. Train administrators to manager the system and educate employees on e-policy and the legal implications of emails they send.

STEP TEN

Once implemented, review your requirements at regular intervals (at least every 6 months) to re-examine the requirements any new laws or regulations, retention periods and/or archiving policies make on the existing implementation.

Choosing an Archiving Product

Your archiving system is only good if you can find the information when you need it. Here are some questions to help guide your product search:

Can you search the archive to your timing objectives efficiently, regardless of volume or size?

Can you archive messages according to content or by specific address?

Can you retain messages between specific groups of people, internally and externally, or emails sent to a specific person?

Can you capture inbound and outbound messages and attachments?

Can you capture calendars?

Can you manage mailbox permissions to ensure access integrity?

Can you access data based on business requirements (for example, 24/7 access with a two-hour response time for a search or 9-to-5 access with a three day response time for a search)?

Other objectives: Capacity management of email

Keep in mind that setting up your compliance archiving and storage system may not help you with capacity management. A compliance archive contains a copy of all emails, though it should be configurable to store them across cost-effective media. Compliance archiving does not affect user access to their own mailbox natively, and a hybrid solution that seems to offer both compliance with mailbox level access to the archive, may compromise the value of both. Understand the differences and costs involved with two separate implementations. The costs and management effort may/may not be worth considering.

If email volumes are your main driver to archive, a selective archiving approach can be put in place to optimise system resource usage at the mailbox and across archive media. Policy-driven archiving should be extended to affect the mailbox so that the user can access the archive via message links or searches.

Conclusion

Email archiving can resolve many problems – meet data retention laws, reduce risk of litigation, improve system performance. In fact the objectives can seem to conflict inherently: how can you retain all email yet reduce storage volumes? The answers lie in prioritising aims and assessing where, if any, compromises can be reached.

Keep in mind that email archiving systems have evolved of the last few years. You need to examine products that are flexible to meet your needs. Email archiving requirements aren´t as uniform as some vendors would have you believe. Outside of regulation, organisations tend to have slightly different needs for archiving, even down to an individual or department.

Email archival vendors can help you realise where trade-offs do not have to lead to compromises in functionality – so that optimal use of resources can support compliant archives, and selective archival of email can meet the needs of the organisation and give email users continuous, uninterrupted access to their mail content. Our advice is to take the logical steps we’ve set out here. Be clear in your objectives, and you’ll find that email archiving can slot into your organisation just as you planned.

Leave a Reply