East Northport, NY (PRWEB) December 17, 2007
Chief Information Officers (CIOs) and IT managers alarmed by recent stories about deletion of data by government agencies and financial services organizations are beginning to ask pointed questions about their own email archiving solutions. According to email compliance experts at Forensic & Compliance Systems (FCS), developer of Cryoserver, the world's leading forensic email archiving and compliance solution, those questions are often well-founded. To help CIOs and IT managers make tough decisions about their ability to remain compliant with ever-changing regulations and requirements, FCS is providing its Cryoserver Seven Point Expert Scorecard for Choosing an Email Archiving System. Chief Information Officers and IT managers can also visit FCS at http://www.cryoserver.com/compliance to learn more about email archiving compliance.
"We have heard CIOs and IT managers ask, 'Are our email systems compliant? Will they provide the forensic capabilities required for court submission? Are our email policies creating compliance nightmares?'," says Forensic & Compliance Systems CIO Andy Whitaker. "That last question is often a large cause for their alarm. Many email archiving solutions claim to be compliant. But compliant to what? The answer very much depends on where you are located and in which industry segment you operate."
Whitaker warns that there are often numerous national legal regulations or industry requirements for organizations to follow in order to be truly compliant when archiving email.
"Beware of so-called policy-based email archive solutions," warns Whitaker. "Unless these cover everyone within an organization, without exception, they're not providing true compliance. Emails from everyone who corresponds with an organization, inside or outside, often must be retained for the maximum length of time stipulated in any relevant legal or industry regulation."
He recommends that CIOs and IT managers consider three main features when assessing an email compliance product for use within their organizations:
Integrity - Archived email must be an exact duplicate of email as it was received at the email server. It must be protected from modification and deletion during the time it is retained in the email archive.
Privacy - Archived email must only be available to the sender and recipients of the emails or authorized email archive administrators.
Auditability - Any and all access to archived email must generate an audit trail, which must itself be secure from tampering or deletion. The audit trail should log what actions were performed and what emails were recovered or viewed, along with the identity of the person performing the search.
These considerations form the basis of the Cryoserver Seven Point Expert Scorecard for Choosing an Email Archiving System:
Point 1: Captures All
If you cannot capture all email data then you cannot be truly compliant.
Point 2: Excludes None
If you use complex policies and exclude some data, you will not meet compliance regulations.
Point 3: Shows Tampering
If a system isn't tamper-proof and evidence of tampering cannot be determined, then it cannot be compliant.
Point 4: Audits Everything
If you cannot audit or trace the Who, What and Why of an email archive search then you can't be truly compliant.
Point 5: Alters Nothing
If stored data cannot be retrieved and proven unaltered since it was stored in the email archive, then you are not truly compliant.
Point 6: Controls Access
If you cannot show control over access to the archive then you are not truly compliant.
Point 7: Assures Forensics-Grade Reporting
If you can't provide forensic-grade reporting then you are unlikely to meet compliance regulations.
"If the email archiving compliance solution that a Chief Information Officer or IT manager is evaluating fails any of these seven basic points, he or she needs to look elsewhere," recommends Whitaker.
About FCS and Cryoserver
Forensic and Compliance Systems (FCS) is a privately held company headquartered in Dublin, Ireland, with offices in London, Florida, New York and Colorado. The Cryoserver product line is a scalable, forensic e-mail compliance archive that enables organizations to automatically and securely collect, store and index all e-mail communication via a convenient, tamper-evident appliance. This enables forensic analysis of an organization's entire e-mail history that is ready for court submission if necessary. The entire range of solutions is available from a network of channel partners. For details please visit http://www.Cryoserver.com or call 720-746-0408.
Media Contact for Cryoserver:
Communication Strategy Group