The state of e-mail compliance: a technology perspective.The importance of data management and information lifecycle management Information Lifecycle Management refers to a wide-ranging set of strategies for administering storage systems on computing devices. Specifically, four categories of storage strategies may be considered under the auspices of ILM. (ILM) has never been greater--as a result of the proliferation proliferation /pro·lif·er·a·tion/ (pro-lif?er-a´shun) the reproduction or multiplication of similar forms, especially of cells.prolif´erativeprolif´erous pro·lif·er·a·tion n. of compliance regulations across industries from financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. to healthcare to life sciences in parallel with the exponential growth Extremely fast growth. On a chart, the line curves up rather than being straight. Contrast with linear. of data and use of e-mail as a business communication medium. The mandate to create a strategy to securely archive, monitor and "promptly" produce records has companies struggling to make sense of the requirements and figure out how to manage their electronic data, particularly e-mail and instant messages (IMs). Rules like SEC 17a-4, which applies to registered broker-dealers, and the May 2003 implementation of the SEC Books and Records rule have created even more stringent mandates for record keeping of e-mail and other electronic communication, requiring secure archiving, monitoring and "prompt" production of records. This, in turn, has created a three-fold challenge. * First, simply having a records management system does not ensure that it is compliant with the rapidly evolving regulatory environment. * Second, the records management system that worked for paper documents may not work for e-mail and IMs, particularly when it comes to discovery. * And third, at this point, the truth is that regulations are continually being tested by litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. , so that demonstrating compliance is judged by a perpetually shifting standard that changes as regulations are challenged in court. With these uncertainties, how can businesses begin to address the technology issues to bring themselves into compliance? The reality is that regulatory bodies aren't in the business of putting people out of business. Therefore, a demonstration of investment and sponsorship at the highest levels within an organization may be sufficient to satisfy compliance requirements Compliance requirements are a series of directives established by United States Federal government agencies that summarize hundreds of Federal laws and regulations applicable to Federal assistance (also known as Federal aid or Federal funds). in the short term. However, as regulations continue to evolve and are better defined through case law and best practices evolve to match the changing regulations, companies (particularly in the financial services space) should not wait to begin investing in compliance. From a business perspective, bringing your e-mail infrastructure into line with regulatory compliance not only enables companies to protect themselves against the penalties for non-compliance but, over time, also contributes to reducing total cost of ownership and return on investment through streamlining information management in the data center. From a technology perspective, the three most salient issues are: sizing and deployment, controlling unmanaged data and training--all the way down to the user level. Sizing and Deployment The first step toward successfully bringing IT into line with compliance regulations is evaluating and deciding the scope and how to bound the initial compliance effort. It sounds obvious, but taking a hard look at your infrastructure and the needs of the various parts of your organization is key. Ask yourself, over time, how large will this archive grow? We know that e-mail is a primary means of business communication and analysts at Ferris Research say that the number of corporate e-mails has increased by 50% over the last year and is predicted to increase an additional 35-50% next year. Take into account that regulations also have different time requirements for data retention. Controlling Unmanaged Data Building a compliant system must take into account how different users within an organization create unmanaged data--either through saving e-mail archives to their desktops, on NAS (1) See network access server. (2) (Network Attached Storage) A specialized file server that connects to the network. A NAS device contains a slimmed-down operating system and a file system and processes only I/O requests by supporting the popular devices or tape backups Using magnetic tape for storing duplicate copies of hard disk files. Users can add an internal or external tape drive to their desktop computers for backup purposes, and files are typically copied to the tapes using a backup utility that updates on a periodic schedule. of servers--all of which can be significant roadblocks to creating a compliant system. Recognize that different regulations have different requirements on how long data must be retained, where it is saved and who has access to it. For instance, for financial services companies, the need to be compliant with state and federal securities regulations defines the business value of data and its associated retention period. For example, if a firm chooses to manage e-mail as simple correspondence, then there is a regulatory obligation to retain the e-mail for three years. At the end of those three years, the Years, The the seven decades of Eleanor Pargiter’s life. [Br. Lit.: Benét, 1109] See : Time business value of compliance stops and the resulting action is that the record is destroyed. Drilling down even further, the issues of authenticity, use as evidence and completeness further illustrate that reining in unmanaged data through a solution which captures e-mails, archives them and keeps them available, is as much a compliance issue as it is a protection in the discovery process The importance of setting a retention and disposition policy and following it is highlighted by multiple court cases, including the ruling in 2002's Murphy Oil Murphy Oil Corporation NYSE: MUR is a petroleum corporation. It is a S&P 500 company. In 2007, it was ranked as the 169th largest company in America on the Fortune 500. The current President & CEO is Claiborne Deming. v. Fluor Daniel case. Though the case was focused on the question of who should pay for the cost of restoring and printing e-mails, an important point in the case was that the defendant's e-mail retention policy was to recycle backup tapes See tape backup. every 45 days; but because it neglected to follow its own policy, there were 93 tapes from the time period at issue, containing more than 25,000 e-mails. The defendant estimated that it would take six months and cost $6.2 million to restore the tapes, convert the e-mails to TIFF images, and print the e-mails. Training While the financial investment in compliance is usually easily grasped by organizations, many have the tendency to underestimate the investment it will take from a training and education perspective. Compliance requires the creation of new roles--around IT, records management, litigation support and requires training all the way out to the user level. Choosing an E-Mail Management Solution A truly compliant e-mail management solution must be measurable and shown to effectively meet regulatory requirements Regulatory requirements are part of the process of drug discovery and drug development. Regulatory requirements describe what is necessary for a new drug to be approved for marketing in any particular country. . So clearly, records management on it's own isn't enough. An effective solution should capture full-text indices, archive e-mail, instant messages and attachments, provide full management of the e-mail lifecycle and ensure that e-mail and IM records cannot be altered and, most importantly Adv. 1. most importantly - above and beyond all other consideration; "above all, you must be independent" above all, most especially , provide full auditing and reporting capabilities. Should it Stay or Should it Go? Once the initial decision has been made about the scope of the project and a solution is selected, the next important decision is whether or not to manage deployment in-house or to outsource the entire project. Given the evolving and complex nature of compliance and the imperative for it to coordinate with all parts of a business, to outsource is a "pay now-or-pay-later" question. The out-sourcing option exists for those who are willing to define compliance more narrowly and pay a third party to archive messages for them. While it does satisfy regulatory bodies, outsourcing doesn't necessarily mitigate the problem of unmanaged data and doesn't allow for coordination with all parts of a business. Conclusion The depth and specificity of regulations, along with the exponential growth of e-mail, can make e-mail compliance seem a daunting daunt tr.v. daunt·ed, daunt·ing, daunts To abate the courage of; discourage. See Synonyms at dismay. [Middle English daunten, from Old French danter, from Latin task. But a well-considered approach that sets reasonable boundaries, that controls unmanaged data and is supported by a training regimen that reinforces the importance of centralized cen·tral·ize v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es v.tr. 1. To draw into or toward a center; consolidate. 2. data management, will enable companies to avoid the penalties of non-compliance while managing their litigation risks. RELATED ARTICLE: SPIM (SPam Instant Messaging) Unsolicited advertising appearing in instant messages. SPIM is even more annoying than spam. Unlike e-mail ads, which can often be relegated to a junk folder in the user's e-mail program, a SPIM ad pops up on screen whenever it is sent. ? According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. a statement sent to us from a company called Omnipod, a new type of SPAM is on the loose and it goes by the name of SPIM (Instant Messaging Exchanging text messages in real time between two or more people logged into a particular instant messaging (IM) service. Instant messaging is more interactive than e-mail because messages are sent immediately, whereas e-mail messages can be queued up in a mail server for seconds or Spam). The Radicati Group, a technology marketing research firm, projects that the amount of SPIM is set to almost triple from 400 million instant messages in 2003 to about 1,200 million instant messages by the end of this year. "E-mail marketers are abusing instant messaging by using it as a way to send out SPIM," said Matthew Hunt, chief technology officer of Omnipod, and expert on the SPIM problem and what can be done to fight it. "It's a horrible problem that many of the traditional consumer-based IM systems don't do anything about. Fortunately, there are remedies." With secure instant messaging platforms like Omnipod's--as well as other vendors' that contain SPIM-blocking filters that block junk messages before they can reach your computer screen--you can block these annoying creatures from ever imposing on your valuable enterprise chat time! Denise Reier is vice president of product marketing, messaging group, at LEGATO (Legato Systems, Inc., Mountain View, CA, www.legato.com) A leading provider of storage management and high-availability software founded in 1988 and acquired by EMC Corporation in 2003. Legato software, including Celestra data management (data mining, data migration, etc. Software, a division of EMC (1) (EMC Corporation, Hopkinton, MA, www.emc.com) The leading supplier of storage products for midrange computers and mainframes. Founded in 1979 by Richard J. Egan and Roger Marino, EMC has developed advanced storage and retrieval technologies for the world's largest companies. (Mountain View, CA) www.legato.com |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion