Top 10 best practices for email archiving

1. Understand what your main problems are before you purchase technology.
   The biggest mistake IT managers make when researching email archiving is to not fully understanding the reasons for email archiving. Often, companies are reacting to one problem of concern, such as an audit suggestion, which leads to rushing out to buy email archiving technology for Sarbanes-Oxley compliance and not taking into account productivity or storage problems. Most companies will have more than one problem that can be solved with email archiving. Whether it be regulatory compliance, litigation support or storage management, make sure you understand all of your needs before you take the next step.
2. Create or update email retention policy to reflect today's business needs.
   Very few companies have an up-to-date data retention policy. An effective document retention policy will address what the document retention policy covers, the company data retention philosophy, responsibilities and procedures. It will also have retention timeframes for all types of records in a company including unstructured data like Microsoft Office files, semi-structured records like email and structured records like mainframe databases. You will also want to create retention schedules that employees can easily follow and remember. Make these documents short and simple. Also document how long you will keep records (including emails).
3. Periodically perform a legal or regulatory refresh.
   When you have a data retention policy, be sure to review it annually. Regulations and laws change regularly, and so must your data retention policy. New regulations are created regularly as well as judicial rules of evidence. Government regulatory agencies and the courts expect companies to be fully aware of new regulations and laws.
4. Include all stakeholders: legal, compliance, HR, finance, investor relations, engineering, production and administration.
   A data retention policy affects every employee in the company and should reflect input from everyone. Create a cross-functional team that represents most business operations or departments. Interview a wide sampling of employees and departments to determine how and why they create documents; if they re-use or reference them later; and where they store the documents. This helps you create a retention policy that won't adversely affect the employees and their day-to-day work.
5. Focus on similarities in laws or regulations and create "high water mark" retention lengths.
   Multipage retention schedules are rarely effective or followed. Simplify them as much as possible. Most data retention requirements are for minimum retention periods. Create "high water marks" for similar types of documents. For example, retention regulations for employment records vary widely from one year to 10-plus years. It is easier for employees to follow one retention period ...
   
   To continue reading for free, register below or login

   Requires Membership to View

   To gain access to this and all member only content, please provide the following information:

   Email Address:
   
   
   

   By joining SearchCIO-Midmarket.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   To read more you must become a member of SearchCIO-Midmarket.com

   As an existing member of the TechTarget network please activate your SearchCIO-Midmarket.com account 

   By joining SearchCIO-Midmarket.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   
   
   

   Digg This!     StumbleUpon     Del.icio.us

   
   
   
   

   RELATED CONTENT Compliance management for the midmarket Test your knowledge: IT quizzes for midmarket CIOs What will net neutrality mean for SMBs? At your peril, disaster recovery testing gets short shrift From software prices to EHR security: The latest advice for CIOs Security and risk management in the midmarket A CIO's advice for implementing single sign-on solutions Compliance management: From virtualization to licensing agreements 2008 top 10 technology articles: Social media, Vista, IT salaries Healthcare compliance gets boost from national HHS privacy framework Taking electronic records retention management to the next level Data storage for the midmarket Data storage technology: Know your FAQs and options Midmarket data center management guides: Tips and best practices What do you know about data center outsourcing? Virtualized storage and SANs drive disaster recovery plan Disaster recovery plans solve bare-metal recovery problem via VMware The price of data center outsourcing: Security, costs and more explored Data center virtualization: User best practices Firm moves from tape backup to managed backup and recovery service IRobot CIO dishes on virtualization, disaster recovery and compliance Leading iRobot's IT: Virtualization, disaster recovery and compliance Email and messaging for the midmarket Test your knowledge: IT quizzes for midmarket CIOs Midmarket data center management guides: Tips and best practices CIO's cost-cutting measures include move to Gmail Midmarket firm harnesses email communication as part of disaster plan Arts center's network infrastructure hits right note with Wi-Fi, FMC When Microsoft shuts you down and other IT horror stories CIOs, unified communications and the lost art of conversation Fixed-mobile convergence saves firms costly mobile phone charges CIOs grapple with tying Wi-Fi, VoIP into unified communications plan Unified communications: Savvy business move or security meltdown?

   RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

   
   
   that meets all retention requirements for all employee-related records than to try to remember many different retention periods. Creating high-water marks for retention periods will also make it much easier to adopt automated email archiving processes.

6. Socialize your policy companywide.
   Be sure to adequately inform employees about the new or existing policy and make it easily accessible. Many employees don't know if their company has a data retention policy or where to find it if there is one. All employees should be "trained" on a new policy, including knowing why the policy was created (legal, regulatory or other); how to use any new technology associated with the new policy; and consequences for the company and employee if the policy is not followed. Offer annual training refreshers.
7. Don't attempt to teach employees to subjectively recognize "business" records.
   It is very difficult to create a uniform archive across a company if you are asking employees to individually decide which records are business records and what can be archived. For example, in a company of 1,000 employees, you will have 1,000 different retention policies if you rely on employees to interpret the policy and make archiving decisions. The less complicated the policy, the more uniform the archives will be.
8. Don't forget the email use policy.
   Even when you have a data retention policy, you should still publish an email use policy that informs the employees of their responsibilities, including things they shouldn't do, privacy expectations and consequences for system misuse.
9. Move email retention from a manual process to an automated process.
   Take email archiving out of the hands of employees. Automated email archiving will ensure uniform archiving, increase employee and IT productivity and most importantly, put in place a system that can ensure no message protection if a litigation hold procedure is instituted.
10. Discourage employees from creating personal archives (PSTs).
    Most employees, in companies without email archiving automation, create their own "personal archives" or PSTs for many reasons. They create them for future protection, for reference or re-use. This adversely affects employee productivity. If the company is capturing email traffic, employees won't need to spend time trying to find, access and creating archives.

Bill Tolson is practice manager for Contoural Inc., an independent provider of business and technology consulting services that focuses on compliance, intelligent data management and storage strategy.