Electronic Records Management: A Checklist for Success

Jesse WilkinsApril 15, 2009

EMAIL MANAGEMENT TECHNOLOGIES

2

Messaging system

• Not built to store massive amounts of messages– And attachments– And manage as records

• Difficult to search across

inboxes– Discovery, auditing

3

Print & file

• Common approach

• Challenges:– Loss of metadata– Attachments– Typical threaded email

message– Volume to print and to file– Authenticity (phishing)

4

Backup tapes

• Archival vs. backup

• Backups store data, not files or messages

• Multiple copies of data

• Readability of older tapes– Format, media, hardware

5

Email management applications

• Move messages out of the messaging application

• May provide simple retention management– But NOT records management solutions

• Many different capabilities available

6

Email archiving

• Copy or remove messages from messaging application store to other storage

• Enforce rules for archiving based on age, size, user, or mailbox quotas

• Enable centralized message capture and management

7

Email compliance

• Provide compliance functionality for specific requirements– HIPAA, S-OX, etc.

• Message monitoring

and notification

• Message auditing

• Incident and case

management8

Email discovery

• Provide litigation hold for email messaging system

• Message search, review, and production

• Evidence preservation

• Annotation and redaction

• Case management

9

Encryption and digital signatures

• Encryption solutions encrypt messages from - and sometimes within - the organization

• Digital signature solutions used to sign messages from the organization

• Generally managed

centrally

10

Email security

• Designed to protect the organization

from external threats

• May provide attachment

blocking and filtering

• May protect against directory

harvest attacks

• May provide spam blocking

11

Personal archive management

• Search the network to find .pst files

• Extract messages and moves them into the email archive

• May also leave .pst files in place but note location and index their contents

• Often provide single-instance storage and de-duplication

• Enforce policies for .pst files

12

Policy management

• Provide enforcement of

policies and procedures– Ethical walls– Content filtering– Attachment filtering

• May also provide audit

trails for actions taken

13

ECRM solutions

• Most systems support email management

• May run at server or client

• Many support single-instance storage

• May allow declaration, management of messages as records

• Varying support for attachment management, metadata management

14

EMAIL MANAGEMENT IMPLEMENTATION MODELS

15

Implementation models

• The solutions listed earlier use a number of different implementation models– Appliance– Application server– Hosted– Client/plug-in

• Some providers offer several implementation models

16

Appliance-based solutions

• The solution is pre-installed on a server

• Connected to the network and the messaging application

• Fairly common approach for email security and archiving

• Database considerations

17

Appliance considerations

Benefits:

• No need for separate hardware

• Minimal need to configure system

Drawbacks:

• May not be robust enough

• Hardware may not be upgradable

• May only work with certain platforms

18

Application server

• The solution is installed on a server on the network and connected to the messaging application

• Most common approach today

• May require RDBMS

• Solution may need to be installed on the messaging application server– BAD!

19

Application server considerations

Benefits:

• Hardware can be upgraded to meet solution requirements

• Wide choice of hardware to choose from

Drawbacks:

• Requires dedicated hardware and configuration

• May only work on certain platforms20

Hosted solutions

• Solution is provisioned by a third party

• Highly available and scalable

• Subscription-based pricing

21

Hosted solution benefits

• The organization can purchase only as much as is needed

• Someone else has responsibility for backup, configuration, security

• Generally platform-independent

• May reduce internal network traffic

22

Hosted solution drawbacks

• Cultural considerations

• Reliability issues

• Vendor stability

• Discovery issues

• Migration considerations

23

Client/plug-in

• Solution is installed on users’ machines, either as stand-alone application or plug-in

• Most solutions can be deployed using scripts or policy objects; some must be installed manually

• Client applications run

separately; plug-ins are

integrated into the client

24

Client benefits and drawbacks

Benefits:

• Only deploy to users who require it

Drawbacks:

• Decentralized deployment and usage can be difficult to manage

• May require specific configurations, clients, security settings, etc.

• Leaves it under control of the user25

SELECTING THE RIGHT SOLUTION FOR YOU

26

Who is involved in the selection?

• IT– Own the existing messaging application– Installation and configuration of system– Support for system

• Records management– Understand recordkeeping and compliance

requirements

• Legal– Understand litigation support requirements

27

Determine the goal of the solution(s)

• What are the problems to be addressed?– Operational efficiency (user-focused)– Storage/management costs– Security/compliance

• Prioritize among the

issues to be addressed

and proposed solutions

28

Gather requirements

• Gather, identify, and validate requirements

• Business requirements– The problem(s) to be addressed

• Functional requirements– What type of functionality will solve the

problem(s)?

• Technical requirements

29

Research

• Research the available solutions– Vendor resources– Trade publications– Conferences– Associations– Consultants and

analyst firms– Standards and guidelines

30

The short list

• Determine the vendors to consider

• Narrow the list based on the messaging applications and platforms supported, key functionality, and deployment models

• Invite remaining vendors to provide demonstrations, references, and pilots

31

Select the solution

• Cost should be a factor but not the most important criteria– Pricing is not the same as cost

• Select the solution that most closely matches organization’s requirements

• Select a vendor you can work with and that is committed to the relationship

32

Summary

• Email management technologies can assist in managing email better– But they are not records management

solutions

• Requirements are a key part of the discussion

• Solution should be selected by IT, RM, legal

33

Questions?

34