20110512-1 ARMA Boston Email Policy


Published on

This presentation at the 2011 ARMA Boston Spring Seminar described structural and policy elements to include in a comprehensive email policy as well as the steps involved in developing a policy.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • At this point I’d be pleased to entertain your questions.
  • 20110512-1 ARMA Boston Email Policy

    1. 1. ARMA Boston Spring Seminar 2011<br />Jesse Wilkins, CRM<br />Managing Your Email Better<br />
    2. 2. Developing an email policy<br />Identifying and classifying messages as records<br />Managing the inbox better – by managing less email<br />Better collaboration WITHOUT email<br />Seminar agenda<br />
    3. 3. Developing an Email Policy<br />
    4. 4. Email policy elements<br />Policy statements<br />The policy development framework<br />Session agenda<br />
    5. 5. Email policy elements<br />
    6. 6. Every organization’s email policy will be different<br />Public vs. private sector<br />Regulatory requirements, both horizontal and vertical<br />There are some common areas that should be addressed<br />Lots of references andexamples available<br />Email policy elements<br />
    7. 7. Purpose<br />Scope <br />Responsibilities<br />Definitions<br />Policy statements<br />References<br />Policy elements<br />
    8. 8. This policy has three purposes:<br />Establish definitions relevant to the email management program<br />Describe usage policies relating to email<br />Describe security and technology policies relating to email<br />Scope: This policy is applicable to the entire enterprise. <br />Purpose and scope<br />
    9. 9. Responsibilities for policy development and maintenance<br />Responsibilities for policy administration<br />Responsibilities for compliance with policy<br />Responsibilities<br />
    10. 10. Uncommon terms<br />Common terms used in an uncommon fashion<br />Acronyms and abbreviations<br />Definitions<br />
    11. 11. Many different elements available<br />Detailed in the next section<br />Policy statements<br />
    12. 12. List any references used to develop the policy<br />Internal strategic documents<br />Records program governance instruments<br />Statutes and regulations<br />Publications <br />Examples and templates<br />References<br />
    13. 13. Detailed instructions for complying with policies<br />Often separate document(s)<br />Each of the policy statements will have one or more procedures<br />May be specific to process, business unit, jurisdiction, and/or application<br />Procedures<br />
    14. 14. Email policy statements<br />
    15. 15. Most common element of email policies today<br />Typically addresses things NOT to do:<br />Obscene language or sexual content<br />Jokes, chain letters, business solicitation<br />Racial, ethnic, religious, or other slurs<br />May address signature blocks<br />Standardization, URLs, pictures<br />Acceptable usage<br />
    16. 16. Guidance on writing emails<br />Wording and punctuation<br />Spell check and grammar check<br />Effective subject lines<br />Guidance on email etiquette<br />Guidance on addressees<br />Effective usage<br />
    17. 17. Whether personal usage is allowed<br />Any limitations to personal usage<br />Separation of personal and business usage within individual messages<br />Personal email account access<br />Personal usage<br />
    18. 18. Whether email is considered to be owned by the organization<br />Responsibility for stewardship of messages, both sent and received<br />Privacy and monitoring<br />Third-party access<br />Ownership and stewardship<br />
    19. 19. Email is a medium, not a record type or series<br />Email messages can be records<br />Other information objects that might need to be treated as records<br />Read receipts<br />Bounced messages<br />Retention and disposition<br />
    20. 20. Email can be subject to discovery<br />Assigns responsibility for communicating legal holds<br />Describes whether or not email disclaimers will be used and how<br />May outline privilege issues<br />Legal issues<br />
    21. 21. Outlines whether encryption is allowed<br />What approaches to use<br />Whether digital signatures are allowed<br />What approaches to use<br />Encryption and digital signatures<br />
    22. 22. Most often found as part of general policies for remote workers<br />Requirements for mobile devices<br />Requirements for web-based access<br />Synchronization and login requirements<br />Mobile and remote email<br />
    23. 23. Addresses whether email will be archived<br />Addresses whether personal archives will be allowed <br />May address backups – but backups are not archives<br />May also address public or managed folders<br />Archival<br />
    24. 24. Attachment limitations<br />Whether they can be sent at all<br />Size limitations<br />Content type limitations<br />Attachments vs. links<br />Content filtering<br />Encryption and DRM<br />Security<br />
    25. 25. Policy development framework<br />
    26. 26. Approach to developing and implementing a policy<br />Ensures that policy development is consistent with organizational goals<br />Ensures that policy meets legal and regulatory requirements<br />The policy framework<br />
    27. 27. Policy development requires time and energy from users and stakeholders<br />So does policy implementation<br />Ongoing compliance will require <br />auditing and communication<br />None of this happens without management support<br />1. Get management support<br />
    28. 28. Policy should address the entire enterprise<br />Stakeholders should include:<br />Business unit managers<br />End users<br />Legal, RM, IT<br />External customers and partners<br />2. Identify stakeholders<br />
    29. 29. What changes are being introduced? <br />Processes, technologies<br />What are the desired outcomes?<br />What behavioral changes should result?<br />3. Identify the goals of the policy<br />
    30. 30. Legal research<br />Organizational research<br />Public research<br />Standards and guidelines<br />Benchmarking<br />Consult with similarorganizations<br />Analyze the results<br />4. Conduct the research<br />
    31. 31. Collaborative and iterative process<br />There are a number of resources available to provide an email policy framework<br />These are starting points and need to be customized for your requirements<br />5. Draft the policy<br />
    32. 32. Review by legal, HR, users<br />Ensures it is valid<br />Ensures it will work within existing organizational culture<br />Change management <br />6. Review the policy<br />
    33. 33. Policy is reviewed by business managers, senior management<br />Complete revisions as necessary<br />Approve the policy<br />7. Approve the policy<br />
    34. 34. Communication<br />Training<br />Auditing<br />8. Implement the policy<br />
    35. 35. Monitor for compliance with policy<br />Solicit feedback about policy<br />Provide refresher training as required<br />Consider whether to retain <br />previous versions of the policy<br />Plan for periodic review and maintenance<br />9. Once the policy is live<br />
    36. 36. Questions?<br />