IT GRC Forum

FacebookJoin our Linkedin Group!Follow us on Twitter!Subscribe to our Feeds!
E-mail

The Benefits of Email Compliance in a Business

By Jesmond Darmanin

Email has become the standard method of correspondence used by businesses sending important and sometimes confidential messages. Such sensitive information needs to be archived for possible future use in order to comply with eDiscovery requests, specific regulations as well as the company's email compliance policies.
Email correspondence is used for both internal and external affairs therefore it is important that a copy of all emails is archived for possible future needs relating to legal, compliance and human resource issues. A company must also be in a position to respond to eDiscovery requests at short notice.


Why a company needs email archiving


Existing regulations such as Sarbanes-Oxley, HIPAA and the FRCP treat emails as being equal to paper-based documents in terms of valid and legal documentation presented in a court of law and are therefore admissible during an eDiscovery request.


eDiscovery is the process of locating, securing and using documentation from a company's archives in a legal setting, so a company must have the ability to procure the necessary documents with the confirmation that these have not been tampered with. Failure to abide by procedures could result in court fines and other financial burdens, as well as a failing reputation.


How email archiving should be implemented


For security, maintenance and resource reasons, email archives should not be archived on the mail server but should have their own localized server that is specific to the task.


Having your emails archived on a separate database ensures more protection for the archives should the server crash, as well as lightening the load on the server. When archiving is another process that the email server is meant to handle, its resources are being stretched to capacity risking poor performance in both tasks. A dedicated email server and a dedicated archiving server render the upkeep of both machines a simpler and cleaner process.


Moreover, separate backups of both servers ensure a safer environment, as by having the archived emails on a separate server, should the email server crash all is not lost since the archived emails would be accessible and easily recoverable meaning that work can be resumed from a certain point.


Email archiving compliance


In industries and countries where regulations require organizations to monitor user activity and keep audit trails, a system that records, logs and retains a database of user activity, or other secure methods such as encryption will ensure that emails have not been tampered with as this would render them inadmissible in a court of law. An auditing facility is also important for compliance purposes.


Log files and counts must prove that all emails (including their attachments) are being captured and can be searched for, found and viewed in their original format. Advising users that their emails are being recorded and archived will act as a deterrent to any abuse of the system.


Email archiving is becoming a standard practice in today's businesses as the implementation of a successful email compliance policy could save a company a lot of time, money and resources, and provide guarantees that it is in a position to respond to eDiscovery processes and fulfil the requirements of compliance regulation which the company must adhere to.

Article Source

About the Author:
Jesmond Darmanin is a freelance writer who is passionate about business IT issues.

Trackback(0)
Comments (0)add comment

Write comment

busy
 

Subscribe via Email

 Your Email:
Banner