What is Email Management?

Why are we sending so much email?

It is easy

It is nearly instantaneous

It is asynchronous

It is convenient

It is platform-neutral

There is a written record of communication

What is email management?

As the de facto standard for business communication, removing emails from the server and saving them to a repository is not enough. Email must be classified, stored, and destroyed consistent with business standards-just as with any other document or record.

Email management is NOT:

Saving all email messages forever

Saving all email messages in the messaging application

Setting arbitrary time limits for all messages

Setting arbitrary mailbox sizes for all users

Declaring “email” as a record series

Doing nothing

Business drivers

Email incorporated into business processes

Volume of email overwhelms manual management processes

Changes to U.S. FRCP

Changes to privacy regulations

Compliance, collaboration, cost, and continuity

Why email management?

Email is different from other information types

Volume

Informality

Ease of creation

and forwarding

Attachments

Metadata

Email requires different tactics

Email Management – An Oxymoron?

Survey of 1,043 end users

18% spent 50%+ of their

time on email

35% have not yet begun

to address core email

management issues

41%: “Much remains to be done”

Email Management – An Oxymoron?

44% have a strategy for email retention

73% believe retention of email will be important

72% want email archival integrated into enterprise content management (ECM), electronic records management (ERM), or enterprise information management (EIM) platforms

Cost of capturing everything

Capturing everything is expensive

Cost of storage

Cost to manage storage and backups

Cost to productivity

Cost to restore messages

Cost of discovery

Risk of inadvertent disclosure

Email management principles

Email must be managed according to content and value to the organization

Email should be stored appropriately

Email is not a records series

unto itself

Email can be more than

“ correspondence”

Email management principles

Email belongs to the organization, not the individual

Not always true – particularly

outside U.S.

Email is a business tool

90+% use email for business

Email should be used

appropriately

Manual email management

Relies on users to manage their own email

Focused on policy and procedure development, training, and auditing

Users determine which messages to keep

Users move messages manually into other storage locations

Folders on their PC, folders on network shares, other repositories

Automatic email management

Typically done at the messaging application

System retains certain messages automatically

All messages sent/received/internal

All messages from some users

All messages that meet certain content or metadata rules

Outsourcing email mgmt

Use a hosted service to provide email management services

Archival and storage

Security

Or outsource email entirely

e.g. Microsoft Exchange online or Google Apps Premium Edition

Selecting the right strategy

Do a risk assessment

Do a cost-benefit analysis

Cost of hardware and software

Operating costs

Consider the corporate culture

Will it tolerate the perception of privacy issues for outsourcing?

Automate to the extent possible

What is email governance?

Accountability for organization’s information assets – here, email messages and attachments

Good governance:

Ensures compliance with regulations and legislation

Enables productivity improvements

Enables organization to respond to change and new opportunities

Helps information exchange with customers, partners and providers

Sustains good information management practices

Email policy

Broad statements that reflect organization’s goals and culture

Many organizations use them to address acceptable usage

May include a number of other elements

Should be included in broader communications or information management policy

Email policy elements

Every organization’s email policy will be different

Public vs. private sector

Regulatory requirements, both horizontal and vertical

There are some common areas that should be addressed

Acceptable usage

Most common element of email policies today

Typically addresses things NOT to do:

Obscene language or sexual content

Jokes, chain letters, or business solicitations

Racial, ethnic, religious, or other slurs

May address signature blocks

Standardization, URLs, and pictures

Effective usage

Provides guidance on drafting messages

Wording and punctuation

Spell and grammar check

Effective subject lines

Provides guidance on email

etiquette

May also provide guidance

on addressees

Personal usage

Outlines whether personal usage is allowed at all

May outline limitations to personal usage

Which would certainly include the acceptable usage notes listed previously

Separation of personal and business usage within individual messages

External email account access

Describes whether users may access external email accounts from within the organization

Identifies any high-level limitations associated with that access

May also address whether users

can access organizations

accounts remotely

Ownership and stewardship

Outlines whether email is considered to be owned by the organization

Common in the U.S., but not as common in other countries

Outlines responsibility for stewardship of messages, both sent and received

Privacy

Outlines whether there is any expectation of privacy or not with organizational email

Significant differences within the U.S. vs. outside the U.S.

Outlines whether email will be monitored

Identifies who may have

access to an individual’s

email

Retention and disposition

Identifies that messages should be managed according to value

Identifies that messages should be retained according to records program, and dispositioned at the end of the lifecycle

Addresses management of messages

that are not records

Legal issues

Outlines that email is subject to discovery

Assigns responsibility for communicating legal holds

Describes whether or not

disclaimers will be used

May outline privilege issues

Encryption and digital signatures

Outlines whether encryption is allowed at all

If allowed, outlines what approaches available for encryption

Addresses whether to use digital signatures and what approaches to use

Mobile email

Most often found as part of general policies for mobile workers

Addresses security and technical requirements for mobile devices

Addresses requirements for anti-virus and anti-spam protection, encryption, and/or VPN

Addresses synchronization

Archival

Addresses whether/how email will be archived

Addresses whether personal archives will be allowed and how

they will be managed

May address backups

Security

Attachment limitations

Whether they can be sent at all

Size limitations

Format or content type limitations

Non-business-related attachments

Attachments vs. links

Content filtering

Encryption and DRM

Email processes and procedures

More detailed information for how to follow the policy guidance outlined above

Specific to different departments, processes, roles, and applications

These processes form the core of the Practitioner course

A common approach to policy development

HR drafts the policy

Legal and business unit leaders review (maybe)

HR publishes the policy

Managers or HR send out an email blast announcing the policy

HR enforces the policy

What’s wrong with this picture?

A better approach

Policy and procedures drafted in a vacuum will not reflect business reality

All key stakeholders should be involved in the drafting and/or review – including users

It requires communication and training

More than a single email blast

All of these steps apply to procedures as well

Email management technologies - 1

Email archiving

Email compliance

Email discovery

Email encryption and

digital signatures

Email management technologies - 2

Email security

Personal archive file management

Policy management

ECM/ERM/EIM

Email-enabled

applications

Email Practitioner course outline © AIIM | All rights reserved 9. Archival 1. Introduction 10. Email and ECM 8. Technologies 7. Security 6. Governance 5. Classification 4. The capture process 3. Architecture 2. Inside the inbox

www.aiim.org/training