Technology Blog »

E-Discovery and Email Compliance

IT Security Risk Assessment
IT Security Risk Assessment

Email has become the standard for both internal and external business communication. Your company's email contains important, and sometimes confidential, information that needs to be archived.

There are a number of reasons to implement an email compliance policy for your small to mid-sized business. Email is often the only form of written communication that exists between you and your suppliers, your partners, your customers and your prospective clients. It is critical that a copy of this correspondence is retained to ensure the company fulfils the requirements of email compliance regulations and to quickly respond should legal issues such as e-discovery requests arise on short notice.

Of course, email is the backbone of internal discussions between colleagues. Referring to past communications, or monitoring current electronic conversations, may be necessary.

Why your company needs email archiving

Existing regulations such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Rules of Civil Procedure (FRCP) consider email equal to paper-based documents; it is valid and admissible documentation in a court of law. Such documentation is often requested by attorneys or courts in the form of an e-discovery request. This is the process of locating, securing and using documentation from a company's archives in a legal setting. Therefore, the ability to easily locate specific email, with confidence that it hasn't been altered, is critical. Companies, as a result, need to invest in an easy-to-manage email archive. Failure to comply could result in hefty legal fines, a loss in court, and a damaged reputation.

Your company must implement an email compliance policy with particular attention to email archiving, and it’s easy to do. First, create a suitable policy that meets your company's needs and adheres to appropriate regulations, and then purchase a product to automatically support your policy.

The best way to implement email archiving

Email archives should have their own localized server that is specific to a task. Having your emails archived to a separate database, as opposed to using local disk space or eating up space on the email server, ensures:

  • Better security against tampering
  • Easier maintenance
  • Increased protection in the case of a server failure
  • Less load on the your mail server, resulting in faster mail service

Use your email server for filtering emails. Don't bog it down with archiving, which increases the likelihood of overloads that lead to delays and crashes.

Moreover, separate backups of both servers ensure a safer environment and minimize the risk of data loss should a backup fail. Archiving emails to a separate server enables you to recover communications from a specific point in time and begin to work again from there. The retrieval of emails to that point will be simple and quick, making the resumption of work relatively hassle-free for IT administrators.

Having a dedicated email server and a separate archiving server allows for easier hardware maintenance, stronger security, and better resource allocation.

Email archiving for compliance

A system with built-in auditing capability (e.g., recording, logging and the retention of database and user activity) or other secure, built-in methods (e.g., encryption) goes a long way toward preventing email tampering. This is particularly important in industries and countries where regulations require organizations to monitor user activity and keep audit trails of activity. In any environment, it is important to have an email compliance archive that is easily searchable, so email can be retrieved quickly upon demand.

An email archive that is cumbersome to administer can quickly add to a problem rather than the solution. Email archive systems must be easy to audit for compliance purposes. Log files and counts must be maintained as proof of all actions taken to meet and maintain compliance for email archiving. Logs must prove that all email is being captured, and that all emails (including their attachments) can be searched for, found and viewed in their original format.

It is also important to advise users that their email is being recorded and archived. Email archiving is becoming a standard practice in today's businesses. The implementation of a successful email compliance policy could save your company a lot of time, money and resources under the pressure of e-discovery requests. The right system will guarantee that you are in a position to respond, and that your company is in compliance with all email regulations.