You may be able to implement your policy with the tools you already have in house. Or, you may find that the email platform you are on is limited and you need to search for a third party vendor. This is where Sherpa Software's Attender Utilities suite comes to the rescue. Let us be your Sherpa to the top of the mountain of data that you are trying to conquer. Our uniquely designed products for Lotus Notes & Domino will help you get all this data under control and manage it in whatever way you see fit. No matter what you decide to manage, Domino Mail, Applications, IBM Sametime, Lotus Quickr or your file shares, there is a Sherpa product to help you implement and enforce your Compliance policies.
Email Regulatory Compliance: Preparing Your Organization
1. Email Regulatory Compliance:
Preparing Your Organization
By Denny Russell
Senior Product Specialist, Lotus Domino
456 Washington Avenue, Suite 2 ● Bridgeville, PA 15017
p (412) 206-0005 ● f (412) 206-0018
information@sherpasoftware.com ● www.sherpasoftware.com
3. Email Regulatory Compliance
Your Lotus Notes & Domino environment is a powerful communication tool. It probably consists of
several different data stores such as Domino Email & Application servers, Sametime servers, Quickr
servers and even file shares/servers. It lets you collaborate, share and store all the data you need to
efficiently do your job. With all the sharing of information, data can quickly grow and spin out of control.
As the data grows, so will your exposure.
This vulnerability can come in many different forms:
1. It could be running out of disk space and not being able to keep critical documents. This can and
will lead to performance issues which will slow down your network and kill productivity.
2. It could be the result of Litigation and/or HR requests. All of that data may be used in Litigation
and e-Discovery cases, which are serious problems depending on what side of the business you
are on.
Sure, disk space is still really cheap, or you could even move some of your data to the cloud. Throwing
more drives at it will solve the first issue to a point, but with that, you will see additional costs in terms of
time and money. And we are not just talking about time to install and set up this newly acquired space
but more so the long term residual effects of keeping tons of data forever. End users are always going to
want to keep everything and they may end up saving it in multiple places as well. Just adding additional
space only encourages this behavior and will also require additional backup and process costs.
Concerns for IT & HR/Legal Departments
Being part of an IT team means you are worried about two separate, but equally important, issues: server
space and performance. Your job is to keep the servers running at all times while managing the space so
there are no performance issues. As a member of the HR/Legal team, you are also worried about how
this data is going to harm your organization in the long run.
• Are you going to be liable if you have all this data floating around?
• Do you have everything that you are supposed to have based on your compliance and retention
policies?
• Where is all this data located?
• Who has access to it?
Several articles have been written on this topic in the past and are referenced in the “Related Articles and
Resources” section at the bottom of this article.
A recent Sherpa poll asked:
"Does your company have adequate compliance policies in place?"
60% answered “No”
Seriously, 60% of companies do not have a retention/compliance policy in place. It's been said that
"Failure to plan is planning to fail," and this is a perfect example. With all this data, organizations must
have a plan in place. This means getting data under control and managing it appropriately. No matter
what end users believe, they don't need or use all that data. And no matter what the industry, this data
does not need kept forever. For example, Financial Services must comply with the records management
regulations of the FINRA and Publicly Traded Companies must comply with the records management
regulations of the Sarbanes-Oxley (SOX) Act.
As departments work together, Legal/HR's role is to figure out what is best for the company as a whole.
Make sure it fits in with any laws and regulations that the business may fall under. Only keep the data that
is required and be mindful of what is needed to be retained based on industry regulations. Also, keep in
mind how the employees use and need the data and then present a plan to IT.
Page 3 of 5
4. Email Regulatory Compliance
Four Ways to Implement an Adequate Compliance Strategy
IT has the role of implementing that plan. Their role is to 1) guide Legal/HR in terms of what can and
cannot be done technically, and 2) ensure that the plan is implemented and adhered to. This means that
the Retention policy is being enforced and you can prove that you are managing data according to the
policy that has been put into place.
1.) Enforce Retention Policies
Since many industries are required by specific compliance regulations to secure and preserve documents
for a statutory period of time, Sherpa Software offers a variety of regulatory compliance software products
that allow you to implement and manage retention rules. Enforce policies on journal mailboxes, user
mailboxes, local/network .NSF files, public folders and Domino databases that define how long
information is kept in the system, who has access to what information and where it is stored long-term.
Policies can be enforced by multiple criteria with flexible configuration options that allow you to apply
policies to specific mail files, Domino Directory Groups and/or users with Mail Attender for Lotus Notes.
2.) Locate Content
The key to addressing compliance regulations is to make sure all pertinent information is located within
your Lotus Notes and Microsoft Exchange information stores. With the use of Sherpa Software's
proprietary e-Discovery technology, easily search and discover emails, attachments, databases, instant
messages and files that contain relevant business information. Locate data based on a variety of
customizable search criteria such as keywords, dates, addresses, file types and more with Discovery
Attender for Lotus Notes.
3.) Archive Information
After the data is located, the key to addressing regulatory compliance is to preserve the data in a secure
location where it can be managed and protected for extended periods of time. Sherpa Software's
archiving tools can easily archive data to any storage device visible to the network. Once the information
is secured and indexed in an archive location, administrators can control the level of access rights
provided to users, maintain audit trails of archive activity and enforce retention policies on archived
content to purge data upon its expiration with Mail Attender for Lotus Notes.
4.) Protect Document Authenticity and Reduce Corporate Liabilities
The email communications an organization's employees compose, send or forward either internally or
externally also need to be in line with corporate and regulatory compliance requirements. With Sherpa's
regulatory compliance software, you can govern how email is used by end-users in accordance to the
rules impacting your organization. Maintain the integrity of information by prohibiting users from
editing/deleting emails with specific content and prevent confidential emails and attachments from being
delivered based on administrator-specified qualifications with Compliance Attender for Lotus Notes.
You may be able to implement your policy with the tools you already have in house. Or, you may find that
the email platform you are on is limited and you need to search for a third party vendor. This is where
Sherpa Software's Attender Utilities suite comes to the rescue. Let us be your Sherpa to the top of the
mountain of data that you are trying to conquer. Our uniquely designed products for Lotus Notes &
Domino will help you get all this data under control and manage it in whatever way you see fit. No matter
what you decide to manage, Domino Mail, Applications, IBM Sametime, Lotus Quickr or your file shares,
there is a Sherpa product to help you implement and enforce your Compliance policies.
Page 4 of 5
5. Email Regulatory Compliance
Related Articles and Resources:
http://www.sherpasoftware.com/blog/survey-results-email-regulatory-compliance/
http://www.sherpasoftware.com/blog/preparing-for-information-management-2012/
http://www.sherpasoftware.com/blog/managing-your-email-the-complete-series/
http://www.sherpasoftware.com/solutions/enforce-regulatory-compliance.shtml
About the Author
Denny is the Senior Product Specialist for the Domino products at Sherpa Software.
Along with pre and post sales support, he is also involved with guiding the future
direction of the products. You’ll find him contributing to the company’s blog as a
writer and thought leader and he is also an Administrator for the Lotus
Notes/Domino environment (including Traveler, Sametime, Quickr and Blackberry
Enterprise Server for Lotus Notes) at Sherpa.
Prior to Sherpa, Denny worked as a Technical Trainer teaching everything from
basic end-user courses to Domino Administration and Development courses. His
credentials include being a Certified Domino Administrator, Certified Domino
Developer and Certified Domino Instructor since 1998. Denny holds a teaching degree in Business
Education from Indiana University of Pennsylvania.
When not working, you’ll find him spending time with his wife, two kids and his Labrador Retriever, Bella.
He also works with several youth organizations as a hockey coach and runs a website sharing those
experiences.
Page 5 of 5