It is becoming ever more difficult for organisations to keep their heads buried in the sand when it comes to email retention, and this applies to enterprises of all types and sizes. It might seem to be a chore that distracts from the real purpose of the business, but the penalties of failing to adhere to email compliance regulations are potentially so severe that they can no longer be ignored by companies that wish to stay in business, so here are a few simple steps that any business can and should take to make sure that they stay on the right side of the law.
The first thing that needs to be done is to review the email retention requirements. The laws change over time, and the requirements depend on the nature of the business. Once you are clear about what is expected of your organisation, you need to address your retention policy. For instance, does it satisfy those requirements which you have identified or does it fall short? The direction in which you should aim is that of creating an increased amount of transparency and visibility, and dumping those inevitable bunkers of data which cannot be accessed by anyone other than their owner. Here PST files are often the killer. They tend not to be backed up, they are difficult to search, they tend to be distributed anywhere in the organisation, and are usually not accessible by the IT department. However it is important that employees are fully aware of how they should archive their emails.
Next you should determine whether your hardware and software retention tools are up to the mark. For instance, is there adequate storage for the ever increasing quantity of email? Is the email archive adequately secure or are employees able to delete emails without permission or is sensitive information too easily accessible? You should also consider how easily the archive can be accessed by staff with the appropriate permissions; an inaccessible archive is essentially a useless archive with negative e-discovery implications.
Disaster recovery strategies also need reviewing. If you archive your emails on your own premises how will you recover from a disaster? It is essential to have a backup plan so that you can recover your data when one day a disaster strikes.
Once you are happy that your system is compliant, you should aim to carry out regular audits of it to ensure that it remains on track. Don’t leave it until you next get round to it, rather you should schedule formal audits to be carried out at quarterly intervals.
For further information on email retention and compliance services, visit Mimecast.com