FREE DM Review Site Registration!
Sign-up today and access DM Review on the Web!

Your FREE registration entitles you to:
FREE email newsletters

FREE access to all DM Review content

FREE access to web seminars, resource portals, our white paper library and more!

   
BI Review content and features are now in DMReview.com!

One brand, one Web site! DM Review is now the home of all the content you're used to at BIReview.com and much more. If you are registered at BIReview.com, you're already registered at DM Review. If not, take just a moment to sign up for all the free services we have for you at the new DMReview.com.

Corporate Messaging Governance

  • William Laurent
  • BI Review Magazine, September 2007
For many organizations, email messaging serves as the primary means communication and dissemination of corporate records, both internally and externally. With ever expanding volumes of email content coupled with the clear and present danger of electronic mail abuse, the challenges that corporate and IT executives face with their current email messaging infrastructures are daunting. Although email governance now has raised visibility in all competitive corporations, the focus is often times myopic and fails to properly set forth authoritative archiving rules for corporate records. While corporate diligence on improper email "etiquette" is high (via quarantines, restricted content lists, and more), the risks of weak email retention policies may not properly addressed or understood. Well-founded email archiving and retention policies will lend more credibility and robustness to numerous corporate governance and compliance initiatives, now and in the future. In addition to the most visible regulatory mandates such as Sarbanes-Oxley, HIPPA, (and those from the NASD, SEC, NYSE, etc.) recent state-level legislation may require the retention of email for prescribed periods of time, serving up a host of new compliance challenges, with laws differing by state and industry. Because of the complicated regulatory climate, there is a high level of variance inherent in email governance best practices from company to company.

All IT managers would very much like to reduce the resources used to archive and retrieve corporate email; however, until knowledge workers are able to better prioritize and classify their emails by various predefined dimensions (such as user, topic, size, number and types of attachments, etc.) such resource reduction will be near impossible. Exacerbating common classification problems, many departmental email servers are configured to forever keep copies of all mail that proceeds through the system, creating storage and versioning problems, as emails may begin to reside in different native formats over time. A common counter-reaction to email overload is placing a dedicated delete policy on employee inboxes, thus relying on the user to properly back up and archive their emails and attached records on a "safe and secure" networked storage area. However this "managed folders approach" can put too much responsibility in the hands of the individual email user (who is already overloaded with email content) and allows for mission critical and sensitive emails (and their attachments) to get deleted and lost before they can be archived. Other problems may arise when electronic mail users chose to use their email account as a virtual file server, never properly storing mail-attached documents in a safe place because they think they can always access them from their account on a mail server. Retention concerns become more complicated when employees or consultants use personal computers or mobile devices (such as PDAs) that can not be easily monitored and controlled by IT administrators. As enterprise messaging expands to include things like instant messaging (IM) and other forms of mobile communication and collaboration, retention policies start to quickly break down. It is very difficult to know what is leaving organizational boundaries (possibly valuable intellectual property) by electronic messaging means, let alone save it in accordance with an archiving schedule.

Often the need for expertise in retention and electronic discovery does not arise until an unexpected audit or legal action occurs and it becomes apparent that the infrastructure does not provide easy and targeted retrieval of the documents that are sought. Emergency requests driven by a firm's legal department will invariably cause a good deal of scrambling by both IT and compliance managers in order to discover or reconstruct information that has often been buried within backup tapes, or worse yet, destroyed. Make no mistake a out it, assisting counsel with litiga tion discovery and developing models that detail the "period of exposure" (i.e. turnaround time and operational costs) for satisfying these discovery requests, is something IT managers are asked to do more and more frequently.

The best technology solutions will automatically categorize and lucidly organize email in physical/logical folders or classes of compartments, taking advantage of recent advancements in data and network virtualization where possible. Technological side benefits of such a solution will allow companies to sonorously shrink the size of their email archives and eliminate pathological redundancies in message content; storage management costs will also be summarily reduced. At the solution's core will be a distributed web based application that will allow for intuitive key-word searching, quick discovery, and indexed retrieval to solve the most vexing of compliance and regulatory inquiries and dynamic audit events.

Like all governance efforts, IT and the business must work in tandem to identify responsibilities as they pertain to content vulnerabilities. Just as executive management and legal personnel need IT's help in realistically understanding retention technology capabilities, IT will require clear guidance on what system controls to implement per corporate document retention policy. Companies must have the collective will to discuss and prioritize email governance issues and be proactive in addressing retention policies before a legal action or unauthorized dissemination of classified information puts the enterprise at a competitive disadvantage. Most importantly, employees company-wide must be familiar and comfortable with general email and document retention policies if such directives are to achieve uniform success across the enterprise.

William Laurent is a renowed independent consultant in data and IT strategy. Laurent has a diverse systems background - most notably as president of National Information Management Inc. - successfully designing and managing implementation of projects for the insurance, banking, finance, government, technology and entertainment industries. Laurent would enjoy receiving your comments, ideas or inquiries via email at wlaurent@williamlaurent.com.


For more information on related topics, visit the following channels:



Industry Vendors