This presentation at the 2011 ARMA Boston Spring Seminar described structural and policy elements to include in a comprehensive email policy as well as the steps involved in developing a policy.
20230419-3 ARMA Nebraska Prof Dev for Info Pro.pptx
20110512-1 ARMA Boston Email Policy
1. ARMA Boston Spring Seminar 2011 Jesse Wilkins, CRM Managing Your Email Better
2. Developing an email policy Identifying and classifying messages as records Managing the inbox better – by managing less email Better collaboration WITHOUT email Seminar agenda
6. Every organization’s email policy will be different Public vs. private sector Regulatory requirements, both horizontal and vertical There are some common areas that should be addressed Lots of references andexamples available Email policy elements
7. Purpose Scope Responsibilities Definitions Policy statements References Policy elements
8. This policy has three purposes: Establish definitions relevant to the email management program Describe usage policies relating to email Describe security and technology policies relating to email Scope: This policy is applicable to the entire enterprise. Purpose and scope
9. Responsibilities for policy development and maintenance Responsibilities for policy administration Responsibilities for compliance with policy Responsibilities
10. Uncommon terms Common terms used in an uncommon fashion Acronyms and abbreviations Definitions
12. List any references used to develop the policy Internal strategic documents Records program governance instruments Statutes and regulations Publications Examples and templates References
13. Detailed instructions for complying with policies Often separate document(s) Each of the policy statements will have one or more procedures May be specific to process, business unit, jurisdiction, and/or application Procedures
15. Most common element of email policies today Typically addresses things NOT to do: Obscene language or sexual content Jokes, chain letters, business solicitation Racial, ethnic, religious, or other slurs May address signature blocks Standardization, URLs, pictures Acceptable usage
16. Guidance on writing emails Wording and punctuation Spell check and grammar check Effective subject lines Guidance on email etiquette Guidance on addressees Effective usage
17. Whether personal usage is allowed Any limitations to personal usage Separation of personal and business usage within individual messages Personal email account access Personal usage
18. Whether email is considered to be owned by the organization Responsibility for stewardship of messages, both sent and received Privacy and monitoring Third-party access Ownership and stewardship
19. Email is a medium, not a record type or series Email messages can be records Other information objects that might need to be treated as records Read receipts Bounced messages Retention and disposition
20. Email can be subject to discovery Assigns responsibility for communicating legal holds Describes whether or not email disclaimers will be used and how May outline privilege issues Legal issues
21. Outlines whether encryption is allowed What approaches to use Whether digital signatures are allowed What approaches to use Encryption and digital signatures
22. Most often found as part of general policies for remote workers Requirements for mobile devices Requirements for web-based access Synchronization and login requirements Mobile and remote email
23. Addresses whether email will be archived Addresses whether personal archives will be allowed May address backups – but backups are not archives May also address public or managed folders Archival
24. Attachment limitations Whether they can be sent at all Size limitations Content type limitations Attachments vs. links Content filtering Encryption and DRM Security
26. Approach to developing and implementing a policy Ensures that policy development is consistent with organizational goals Ensures that policy meets legal and regulatory requirements The policy framework
27. Policy development requires time and energy from users and stakeholders So does policy implementation Ongoing compliance will require auditing and communication None of this happens without management support 1. Get management support
28. Policy should address the entire enterprise Stakeholders should include: Business unit managers End users Legal, RM, IT External customers and partners 2. Identify stakeholders
29. What changes are being introduced? Processes, technologies What are the desired outcomes? What behavioral changes should result? 3. Identify the goals of the policy
30. Legal research Organizational research Public research Standards and guidelines Benchmarking Consult with similarorganizations Analyze the results 4. Conduct the research
31. Collaborative and iterative process There are a number of resources available to provide an email policy framework These are starting points and need to be customized for your requirements 5. Draft the policy
32. Review by legal, HR, users Ensures it is valid Ensures it will work within existing organizational culture Change management 6. Review the policy
33. Policy is reviewed by business managers, senior management Complete revisions as necessary Approve the policy 7. Approve the policy
35. Monitor for compliance with policy Solicit feedback about policy Provide refresher training as required Consider whether to retain previous versions of the policy Plan for periodic review and maintenance 9. Once the policy is live