|
|
|
|
|
|
|
|
 |
What are the issues behind e-mail archiving?
|
|
|
When it comes to e-mail management, many companies still focus only on taking immediate actions like implementing virus protection and spam filtering, and do not yet regard e-mail as a long-term business process.
Because electronic messages are regarded as commercial documents, new legal statutes like the GDPdU in Germany and the Sarbanes-Oxley Act in the US now require businesses to keep e-mails on file for specific timeframes. To ensure that e-mail traffic is properly documented and can survive an audit, businesses must now view the connection of e-mail with archiving systems as a high priority. Many businesses don't archive e-mail at all, however, and some leave it to employees to decide what is legally relevant. In this case formalized e-mail archiving guidelines can help, but in many organizations these also do not yet exist.
|
|
|
Which regulations must be followed when archiving e-mail?
|
|
|
Many businesses are either incognizant of compulsory electronic archiving regulations or indefensibly neglect them. There are a number of e-mail archiving regulations that businesses should diligently observe to create an element of legal security. Organizations are always on the safe side when they have documented their business processes—including incoming and outgoing e-mails—and have archived this information so that it is complete, tamper-proof and effective in cases of controversy.
Important German regulations that impact e-mail archiving include the tax code, the principles of proper bookkeeping, the principles of data access and auditability of digital documents (GDPdU) and the principles of proper data-processing-based bookkeeping systems. These regulations mandate not only completeness, but require that archiving processes be both tamper-proof and audit-proof.
|
|
|
What are the consequences of violating legal statutes?
|
|
|
Violation of legal statutes can lead to costly legal processes, punishments and penalties into the millions, claims for third-party damages and loss of public image. In some cases imprisonment threatens those responsible. For example, the Federal Data Protection Act (BDSG) in Germany has recently been amended to provide significantly stronger rules for governing cases where someone has been damaged through intentional or negligent misuse and storage of personal data. The rules put the burden of proof not on the person damaged, but instead on the person who caused the damage, who must prove the information was handled properly.
|
|
|
How can organizations set about implementing an e-mail archiving project?
|
|
|
Today, e-mails can be centrally transferred to an archiving system without error or omission. To ensure that archived e-mails are tamper-proof, incoming and outgoing messages should be intercepted on the mail server and transferred to the archiving system as originals before they are delivered to their recipients. The possibility of user tampering is thus excluded, because users only receive copies of the original e-mails. Leveraging indexing and keywords, e-mails can then be easily located and securely restored on demand. This enables fast access to centrally managed information and ensures compliance with regulatory requirements for audit-proof archiving.
Before they are archived, e-mails should be additionally filtered for spam and viruses to ensure that only business-relevant messages are stored. Solutions like iQ.Suite also provide the ability to automatically classify e-mails according to content before archiving them. This makes later retrieval significantly easier.
Integrating the e-mail platform with CRM and ERP systems is also no longer a major challenge.
|
|
|
What are the benefits of server-side e-mail archiving?
|
|
|
Directly archiving e-mails on the server ensures that messages are automatically and completely archived as originals. Recipients receive only copies, and do not need to be involved in the archiving process. It also becomes impossible for users to manipulate e-mail content or to intentionally or accidentally delete messages.
The server-sided approach also provides the opportunity to implement additional processing steps associated with archiving, for example spam and virus filtering or e-mail classification that take place before storage. Implementing similar steps on client desktops would be extremely labor-intensive and clearly expensive.
|
|
|
How does E-mail Lifecycle Management impact archiving?
|
|
|
E-mail Lifecycle Management focuses on the entire lifecycle of an e-mail from its creation to its deletion, similar to the classic document management concept everyone is familiar with. iQ.Suite is a set of tightly interlocking software modules from GROUP Technologies that makes it easy to implement ELM in the enterprise. The solution makes sure e-mails are properly organized and stored after they have entered and before they leave the organization so that they can be retrieved, edited and saved during their prescribed lifetime without the risk that their original context is lost. The review, classification and filtering of e-mails is, in the end, implemented to achieve this goal.
|
|
|
How is ELM different from ILM?
|
|
|
Solutions for Information Lifecycle Management (ILM) come into play only after data is "storage ready" on the e-mail client. Whether users have intentionally or accidentally modified e-mails—or completely deleted them—is irrelevant to the process. This makes it impossible to ensure that e-mails are properly and completely archived. A reliance on storage management as prescribed by ILM solutions can thus lead to legal sanctions—for example when important data contained in e-mails cannot be produced during an audit.
More importantly, conventional ILM strategy fails to take advantage of the opportunity to significantly improve the organization's e-mail process. That's where E-mail Lifecycle Management comes in. When e-mail volume is minimized through spam defense, physical storage requirements are reduced. When flexibly configurable guidelines are used to sort, classify and assign incoming e-mails and their attachments to individual business processes according to type and ownership, messages become more effectively archived and faster to locate again on demand. Unlike ILM, the goal of ELM is to optimize the e-mail process and to focus on the business relevant.
|
|
|
How can e-mail archiving be implemented with iQ.Suite?
|
|
|
There are three modules within iQ.Suite: Organizations can implement e-mail archiving with iQ.Suite Safe or leverage leading archiving solutions from third party vendors by connecting them to iQ.Suite using iQ.Suite Bridge. Data secured in iQ.Suite Safe can be safely and easily transferred to another audit-proof archiving system at a later time if desired. iQ.Suite Store supports the external storage of messages and attachments on inexpensive media and enables when used in combination with the module iQ.Suite Bridge to centrally archive e-mails before they are delivered using a rule-based process that runs on the e-mail server.
iQ.Suite Safe
Before messages are delivered, iQ.Suite works in the background to centrally store tamper-proof, original versions of e-mails in various logical archives. The use of multiple archives is supported, and functions for searching and restoring previously archived e-mails are provided. Only clean, business-relevant e-mails are stored, and the multiple-copy archiving scenario that results from non-centralized processes is eliminated. External and internal e-mail processes are completely re-constructible and verifiable, and the integrity of archived messages is at all times ensured. iQ.Suite Safe therefore supports the direct requirements of ISO 9000ff. Internal corporate security guidelines for archiving, such as restricting access to secured data to authorized personnel, can also be optimally implemented with iQ.Suite Safe.
iQ.Suite Bridge
iQ.Suite Bridge connects third-party archiving systems from leading vendors such as SAPERION, TJ Group and others to iQ.Suite. The module runs on the mail server and is centrally configurable. Its role is to intercept messages before delivery and securely transfer them to external archiving systems after they have been reviewed for spam, viruses and compliance with guidelines. Tamper-proof copies of messages are automatically stored in individual databases, and as desired encrypted. This reduces the burden on the mail server and on the archiving system.
Security considerations stand in the foreground. Messages reach their recipients only after they have been checked and filtered. This also helps prevent the unauthorized distribution of sensitive documents via e-mail. Existing archive systems can also be connected to the e-mail platform and used for e-mail archiving.
In addition, iQ.Suite sends important metadata like the e-mail header, processing details and search engine category to the archiving system. E-mail correspondence can then be immediately restored at a later time, for example during a tax audit or for other internal or external audits, using keyword searches.
iQ.Suite Store
iQ.Suite Store uses customizable rules to control all processes associated with the legally-compliant, automated archiving of e-mails and attachments—up through and including their deletion after specified timeframes. The scalable module supports compression, encryption and the external storage of messages and attachments on inexpensive media. It also delivers a comprehensive search facility and makes it possible to restore true originals of e-mails into user mailboxes.
iQ.Suite Store can in addition operate as the interface between the messaging system and archiving solutions (for example FileNet, SER, COI and Axxento) or storage systems (for example IBM Tivoli Storage Manager, EMC Centera, NetApp Snaplock, Grau Data Storage and NT File System (NTFS)).
When used in combination with the module iQ.Suite Bridge, iQ.Suite Store makes it possible to centrally archive e-mails before they are delivered using a rule-based process that runs on the e-mail server. This centralized approach not only relieves the e-mail system from the need to handle archiving processes and data—it ensures that stored messages are tamper-proof and enables "single instance" archiving of redundant e-mail attachments. In addition to being able to integrate with archiving and records management systems, iQ.Suite Bridge can also tie other critical applications like compliance, ECM/DMS and ERP systems into iQ.Suite to yield a comprehensive E-mail Lifecycle Management solution.
|
|
|
How can organizations ensure that the e-mail archiving process is audit-proof?
|
|
|
Companies are required to store e-mails for specific timeframes depending on their content so that archived messages can be later restored for audit purposes. Internal corporate guidelines must be taken into account during the archiving process.
What’s important here is to intelligently connect the e-mail infrastructure and the archiving system to create a solid basis for implementing both regulatory compliance and efficient e-mail management. Using interfaces like iQ.Suite Bridge, archiving systems can be seamlessly connected to the e-mail system. Tamper-proof versions of messages can then be transferred to an audit-proof archiving system directly on the server, and at a later time located with keyword searching and restored.
|
|
|
How can we get the exploding volume of e-mail under control?
|
|
|
According to the Computer Industry Almanac, the number of worldwide internet users has for the first time in 2005 exceeded one billion, and analysts expect e-mail volume to continue increasing. With iQ.Suite, only business-relevant messages reach user mailboxes and archiving systems. Server-side filtering of incoming and outgoing e-mails for spam, viruses and prohibited attachments prevents unnecessary growth in data volume.
Any e-mail software in use should be able to incorporate established corporate guidelines into the filtering process. This is ensured by iQ.Suite's flexibly configurable rule-based framework. The existence of such automated rules should also be communicated to every affected employee in the business. This "e-mail policy" then makes it possible to clearly define what is allowed and not allowed with respect to e-mail usage. What should be avoided in all circumstances is the oblivious and simple deletion of e-mails, as this can have very expensive consequences.
|
|
|
|
|
|
|
|
|
