340 likes | 520 Views
Electronic Records Management: A Checklist for Success. Jesse Wilkins April 15, 2009. Email management technologies. Messaging system. Not built to store massive amounts of messages And attachments And manage as records Difficult to search across inboxes Discovery, auditing.
E N D
Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009
Messaging system • Not built to store massive amounts of messages • And attachments • And manage as records • Difficult to search across inboxes • Discovery, auditing
Print & file • Common approach • Challenges: • Loss of metadata • Attachments • Typical threaded email message • Volume to print and to file • Authenticity (phishing)
Backup tapes • Archival vs. backup • Backups store data, not files or messages • Multiple copies of data • Readability of older tapes • Format, media, hardware
Email management applications • Move messages out of the messaging application • May provide simple retention management • But NOT records management solutions • Many different capabilities available
Email archiving Copy or remove messages from messaging application store to other storage Enforce rules for archiving based on age, size, user, or mailbox quotas Enable centralized message capture and management
Email compliance • Provide compliance functionality for specific requirements • HIPAA, S-OX, etc. • Message monitoring and notification • Message auditing • Incident and case management
Email discovery Provide litigation hold for email messaging system Message search, review, and production Evidence preservation Annotation and redaction Case management
Encryption and digital signatures • Encryption solutions encrypt messages from - and sometimes within - the organization • Digital signature solutions used to sign messages from the organization • Generally managed centrally
Email security • Designed to protect the organization from external threats • May provide attachment blocking and filtering • May protect against directory harvest attacks • May provide spam blocking
Personal archive management Search the network to find .pst files Extract messages and moves them into the email archive May also leave .pst files in place but note location and index their contents Often provide single-instance storage and de-duplication Enforce policies for .pst files
Policy management • Provide enforcement of policies and procedures • Ethical walls • Content filtering • Attachment filtering • May also provide audit trails for actions taken
ECRM solutions Most systems support email management May run at server or client Many support single-instance storage May allow declaration, management of messages as records Varying support for attachment management, metadata management
Implementation models • The solutions listed earlier use a number of different implementation models • Appliance • Application server • Hosted • Client/plug-in • Some providers offer several implementation models
Appliance-based solutions The solution is pre-installed on a server Connected to the network and the messaging application Fairly common approach for email security and archiving Database considerations
Appliance considerations Benefits: • No need for separate hardware • Minimal need to configure system Drawbacks: • May not be robust enough • Hardware may not be upgradable • May only work with certain platforms
Application server • The solution is installed on a server on the network and connected to the messaging application • Most common approach today • May require RDBMS • Solution may need to be installed on the messaging application server • BAD!
Application server considerations Benefits: • Hardware can be upgraded to meet solution requirements • Wide choice of hardware to choose from Drawbacks: • Requires dedicated hardware and configuration • May only work on certain platforms
Hosted solutions Solution is provisioned by a third party Highly available and scalable Subscription-based pricing
Hosted solution benefits The organization can purchase only as much as is needed Someone else has responsibility for backup, configuration, security Generally platform-independent May reduce internal network traffic
Hosted solution drawbacks Cultural considerations Reliability issues Vendor stability Discovery issues Migration considerations
Client/plug-in • Solution is installed on users’ machines, either as stand-alone application or plug-in • Most solutions can be deployed using scripts or policy objects; some must be installed manually • Client applications run separately; plug-ins are integrated into the client
Client benefits and drawbacks Benefits: • Only deploy to users who require it Drawbacks: • Decentralized deployment and usage can be difficult to manage • May require specific configurations, clients, security settings, etc. • Leaves it under control of the user
Who is involved in the selection? • IT • Own the existing messaging application • Installation and configuration of system • Support for system • Records management • Understand recordkeeping and compliance requirements • Legal • Understand litigation support requirements
Determine the goal of the solution(s) • What are the problems to be addressed? • Operational efficiency (user-focused) • Storage/management costs • Security/compliance • Prioritize among the issues to be addressed and proposed solutions
Gather requirements • Gather, identify, and validate requirements • Business requirements • The problem(s) to be addressed • Functional requirements • What type of functionality will solve the problem(s)? • Technical requirements
Research • Research the available solutions • Vendor resources • Trade publications • Conferences • Associations • Consultants and analyst firms • Standards and guidelines
The short list Determine the vendors to consider Narrow the list based on the messaging applications and platforms supported, key functionality, and deployment models Invite remaining vendors to provide demonstrations, references, and pilots
Select the solution • Cost should be a factor but not the most important criteria • Pricing is not the same as cost • Select the solution that most closely matches organization’s requirements • Select a vendor you can work with and that is committed to the relationship
Summary • Email management technologies can assist in managing email better • But they are not records management solutions • Requirements are a key part of the discussion • Solution should be selected by IT, RM, legal