IT administrators have seen their workloads skyrocket with the advent of Sarbanes-Oxley and other compliance regulations. As much of today’s business and communication is done electronically, a large part of the compliance burden falls on IT administrators, who are expected to implement and monitor internal controls.
What is required by compliance regulations?
Compliance regulations vary by industry and location, as well as whether or not your organization is publicly traded. In general, compliance regulations specify what business records should be retained, how long they should be retained and under what circumstances. Generally, compliance requires retaining electronic files and communications for no less than a year in a tamper-proof but easily accessible location. Compliance requires consistently evaluating your internal controls and being able to prove to a third party that your controls meet requirements.
Compliance is an ongoing process that should (ideally) involve multiple departments, including executive/managerial, legal, human resources, and possibly financial, working together to determine the best strategies to achieve sustainable compliance. Other departments, usually legal, should determine which records need to retained and for how long. However, auditors and legal counsels who have little experience in the realm of technology may not be able to articulate in the proper terms what exactly they expect the IT team to deliver.
What will IT need to do to facilitate compliance?
The IT team will interpret the compliance requirements in terms of the company’s IT infrastructure.
Determine best practices for your current environment.
What are the strengths and weak points of your current email or file server? What are the strengths and weaknesses of your current retention policy? How could processes be improved? Which features does your organization require in an archiving product and which would you just prefer?
|Consider the impact any future changes in your IT environment will have on an archiving product.
In the first rush to meet compliance regulations, many companies found themselves stuck with archiving technology that cannot adapt to their changing IT infrastructure or corporate policy changes because they didn’t take future plans into account. Is your organization considering migrating to a different server? Are merger and acquisition activities a future possibility?
MessageSolution’s archiving software solutions are extremely flexible. Enterprise Email Archive accesses server data using a variety of protocols, ranging from SMTP to MAPI to Web Service, which allows Enterprise Email Archive to archive from multiple disparate servers. Enterprise File Archive supports more than 400 file formats. Both email and file archiving solutions can handle more than a terabyte of data every day.
Capture and archive all relevant records.
Organizations with compliance requirements can take advantage of Enterprise Email Archive’s real-time archiving capability. Real-time archiving captures all inbound, outbound and internal emails as they pass through the email server by connecting to the journal box. Real-time, or journal, archiving ensures that users cannot completely delete emails and attachments, as a copy will be archived before it even reaches their inbox.
Automate policy application and user management.
|Logs and Reports.
Both Enterprise Email Archive and Enterprise File Archive provide IT, auditors, and management with automatically-generated logs and reports, to assist with archive and user management. The archive self-monitors and sends alerts to the administrator to assist with archive maintenance.
Enterprise Email Archive and Enterprise File Archive provide granular access controls. Create policies and apply them to entire departments, groups, or individual users. To see how easy user management is, view a free online demo.
|Utilize Authentication Servers
Enterprise Email Archive connects to the appropriate authentication servers (Microsoft Active Directory, Domino Directory, etc.) to import and update active email user information. All group information is replicated to the email archive. Enterprise Email Archive also allows the administrator to create archive-only groups, which will have no affect on the authentication server. The email archive polls the directory for new users before every archiving session.
What happens if your company is not fully compliant?
When a company fails to meet regulation standards in an external audit, a fine is usually levied on the organization. Sometimes the effects live on beyond financial losses, however. Stockholders’ or customers’ trust will drop, which can have far reaching effects. In some cases, executives may be jailed if they are deemed accountable for a major compliance violation.
How do employees complicate compliance objectives?
Employees complicate compliance objectives when they are not properly educated about or if they are not inclined to follow corporate policy. Unless a company can prove it has done everything in its power to keep employees from violating policy, the company will be held responsible for employees’ mistakes. Employees must certainly be educated on the policies and the reasons behind them, but the best way to ensure that employees do not violate policy is to apply policy automatically.
Enterprise Email Archive and Enterprise File Archive are transparent compliance software solutions that automate policy application. The archive is entirely policy-based, allowing the archive administrator(s) to create multiple policies and apply them to entire departments or individual employees. If certain employees must be singled out, Enterprise Email and File Archives allow the admin to select that user from the user list and configure a policy specific to only that user.
Employees also complicate email compliance by creating local archive files (PST and NSF files) when management enforces a quota. Employees want to retain access to their historical emails and attachments, but there is often not room on the email server to store all employees’ historical emails. Enterprise Email Archive’s stubbing feature allows employees to keep a stub link to old emails in their email client (such as Outlook or Lotus Notes), while removing the bulk of the email or attachment from the email server and storing it in the archive. Users can also search for old messages in the archive via an intuitive browser-based interface or, for Suite Edition users, from Outlook or Lotus Notes.
With information readily available, users will no longer need to create PST or NSF files. Enterprise Email Archive helps organizations manage their existing PST and NSF files with our Migration Utility. Import PST and NSF files into the email archive and manage them just as you would normal emails. PST or NSF files from ex-employees can even be assigned to a current employee to manage.
Continue Using Your Backup Solution:
Backup solutions and archiving solutions are not mutually exclusive processes. In fact, the two solutions complement each other, and both solutions should be implemented within best practices guidelines for a corporate electronic mail/file system.The main differences between an archiving solution and a backup solution are that an archiving solution:
Gives an organization the ability to search through archived emails/attachments or files
Reduces the storage requirements for email/file servers
Cleans and removes old, dormant emails/attachments or files from the email/file servers after these electronic documents have been archived for years
Backup solutions, however, are intended to back up all data in case any unexpected data loss occurs during the course of the business. An archiving solution is not intended to replace the backup system; organizations need to continue to backup the primary mail/file system.