Wed, May 6, 2009 14:32 EDT
Posted by: Chris Bradley in Best Practices Topic: Security
Win the high stakes of enterprise email controls by creating the right policies for your organization before it’s too late
The majority of organizations today are at risk, with minimal or no policies in place to control the data shared through everyday communications. According to Enterprise Strategy Group (ESG), more than 65 percent of an average company's intellectual property is sent internally and externally via e-mail and resides somewhere within the messaging infrastructure. In addition, according to an Osterman Research report from December 2008, only about one-third of organizations have what they consider to be detailed and thorough e-mail policies, while the vast majority have only basic, relatively incomplete, policies in place.
It is clear that the majority of companies today do not have the necessary systems in place to implement the policies needed to protect the organization’s data. If systems are in place, email is often overlooked.
This situation can leave organizations in a more precarious position than C-level executives initially realize, especially in highly regulated industries. After all, e-mail has replaced memos, voice mails and face-to-face meetings as the primary means of sharing information and getting work done. Many employees prefer e-mail over telephone conversations because it allows easy and efficient communication with multiple parties, with the added benefit of a paper trail that can be tracked and referenced as needed.
As e-mail increasingly serves as a general workflow tool, the share of any mailbox that is actually relevant shrinks. Most people see e-mail as something of a burden in the work day, even though it is a necessary communications tool. Users are copied and blind-copied both as a courtesy and as a requirement. Other "opt-in" traffic, such as periodicals, newsletters, order confirmations and personal e-mails, only adds to the volume. Because e-mail is now treated as a legal business record, this growing volume of information represents a growing source of legal liability within the enterprise.
Underscoring the importance of properly categorized and managed e-mail archives, the Federal Rules of Civil Procedure (FRCP) require that e-mail and other electronic communications be produced in a timely and organized manner during the litigation discovery process. With current regulations including SEC Rule 17a-4, SOX, FERC and HIPAA also exposing organizations that lack the necessary policy controls to an increased risk of violations, C-level executives must find ways to comply with laws and regulations while keeping capital expenditures and operating budgets to a minimum. For example, some organizations have taken to targeted archiving: archiving only the users who might be involved as custodians in future litigation. For many organizations this represents only a small fraction of the total user base. The approach only works if the list of likely custodians is accurate, however; once litigation is reasonably anticipated, the duty to preserve extends to any relevant mail, whether or not the mailbox was selected for archiving. In any case, the best approach is a proactive one: it is far cheaper to put controls in place than to pay litigation fees or the fines that follow a regulatory violation.
With regulatory and e-discovery deadlines in full effect, organizations of all sizes are pressed to implement a proactive approach based on cost-effective e-mail retention and archiving policies that can be consistently enforced. Implementing enterprise e-mail risk management is a strategic priority that requires business-driven policies and a flexible technology deployment to enforce them. To improve disclosures and safeguard against potential regulatory violations within enterprise e-mail traffic, consider integrating your IT, compliance, HR and legal departments into a cohesive team that owns an ongoing, proactive approach to regulatory risk management.
To get started on implementing an ongoing, preventative approach to enterprise e-mail management, the following steps can help organizations address regulatory compliance risks and build a true culture of compliance without additional expense in time or business interruption:
1. Manage intentional and unintentional employee misuse: While neither SOX nor