IT Governance has the expertise and track record to assist
organisations in interpreting data privacy legislation and provide guidance on the Codes of Good Practice issued by the ICO.
The Evolution of Data Privacy: 3 Things You Need To ConsiderSymantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed
to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
IT Governance has the expertise and track record to assist
organisations in interpreting data privacy legislation and provide guidance on the Codes of Good Practice issued by the ICO.
The Evolution of Data Privacy: 3 Things You Need To ConsiderSymantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed
to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
Email marketing is a cost-effective method to acquiring and retaining subscribers. Whether you've been gathering subscriber email addresses for years or just getting started, you should be communicating regularly with your subscribers. In this workshop, you’ll learn how to build your email lists and construct email campaigns that will acquire, retain and build loyalty with your readers.
DAILY COMMODITY REPORT BY EPIC RESEARCH-6 SEPTEMBER 2012Epic Research
Epic Research is a leading financial services provider with presence in Indian and other global capital markets. Provides Stock Tips, Forex Tips, Commodity Tips, MCX Tips, Equity Tips, Intraday Tips, NSE Tips, BSE Tips, COMEX Tips, PCG Pack and NCDEX Tips. We provide services in equity, commodity and Forex market.
Email security is essential. Email communications provide for efficient and effective collaboration and are extremely important as business records, yet they have long been the target of criminals looking to spread malware and steal the information that they contain.
Data Governance in the Cloud: Managing Quality and Complianceferilion labs
In the era of cloud computing, data governance has become increasingly crucial for organizations to ensure the quality and compliance of their data. As businesses migrate their operations and data to the cloud, they encounter unique challenges in maintaining control, security, and integrity over their data assets. Effective data governance practices are essential to address these challenges and derive maximum value from cloud-based solutions.
Charting Your Path to Enterprise Key ManagementSafeNet
The increasingly prevalent use of data protection mechanisms in today’s enterprises
has posed significant implications. One of the most profound challenges relates to key
management, and its associated complexity and cost. Written for business leadership and
security architects, this paper looks at the past, present, and future of key management,
revealing how emerging trends and approaches will ultimately enable enterprises to optimize
both efficiency and security in the management of key materials.
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking
IBM automation systems, such as e-discovery and auto-classification, help financial firms achieve transparency and meet compliance requirements while maximizing the value of your existing content management architecture.
Learn how to implement process change initiatives through the use of effective change management strategies. This session will discuss how to redesign your system and processes to enable a 360 degree view of your prospects.
Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...Osterman Research, Inc.
Organizations of all types – small businesses, professional organizations, government agencies, associations, and larger enterprises – have statutory obligations to retain important records sent, received and stored in their email systems. Moreover, organizations of various types, including government agencies, must also retain data for purposes of eDiscovery and similar types of obligations. Use of cloud-based archiving solutions offers a secure, reliable, compliant and profitable option for the channel.
This white paper explores the various obligations that organizations have to retain email and other content, and it explains the benefits to service providers of using cloud-based services to meet their archiving obligations. This white paper also provides a brief overview of Sonian, the sponsor of this white paper, and their relevant channel offerings.
This interactive two-day course explores proven techniques for reducing costs associated with implementing, using, and maintaining computer systems in regulated environments.
Nowadays, IT operations are required to run on a tight budget and under constant watch. Compliance, security and mobile innovation are making proper auditing of IT systems absolutely necessary. Knowing the most fundamental facts, like who changed what, when, and where, will save hours of troubleshooting, satisfy compliance needs, and secure the environment. This white paper shows a methodical approach to IT infrastructure auditing. That includes proper planning, estimation of time needed to implement an effective IT auditing solution, and critical resources.
Email marketing is a cost-effective method to acquiring and retaining subscribers. Whether you've been gathering subscriber email addresses for years or just getting started, you should be communicating regularly with your subscribers. In this workshop, you’ll learn how to build your email lists and construct email campaigns that will acquire, retain and build loyalty with your readers.
DAILY COMMODITY REPORT BY EPIC RESEARCH-6 SEPTEMBER 2012Epic Research
Epic Research is a leading financial services provider with presence in Indian and other global capital markets. Provides Stock Tips, Forex Tips, Commodity Tips, MCX Tips, Equity Tips, Intraday Tips, NSE Tips, BSE Tips, COMEX Tips, PCG Pack and NCDEX Tips. We provide services in equity, commodity and Forex market.
Email security is essential. Email communications provide for efficient and effective collaboration and are extremely important as business records, yet they have long been the target of criminals looking to spread malware and steal the information that they contain.
Data Governance in the Cloud: Managing Quality and Complianceferilion labs
In the era of cloud computing, data governance has become increasingly crucial for organizations to ensure the quality and compliance of their data. As businesses migrate their operations and data to the cloud, they encounter unique challenges in maintaining control, security, and integrity over their data assets. Effective data governance practices are essential to address these challenges and derive maximum value from cloud-based solutions.
Charting Your Path to Enterprise Key ManagementSafeNet
The increasingly prevalent use of data protection mechanisms in today’s enterprises
has posed significant implications. One of the most profound challenges relates to key
management, and its associated complexity and cost. Written for business leadership and
security architects, this paper looks at the past, present, and future of key management,
revealing how emerging trends and approaches will ultimately enable enterprises to optimize
both efficiency and security in the management of key materials.
IBM Banking: Automated Systems help meet new Compliance RequirementsIBM Banking
IBM automation systems, such as e-discovery and auto-classification, help financial firms achieve transparency and meet compliance requirements while maximizing the value of your existing content management architecture.
Learn how to implement process change initiatives through the use of effective change management strategies. This session will discuss how to redesign your system and processes to enable a 360 degree view of your prospects.
Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...Osterman Research, Inc.
Organizations of all types – small businesses, professional organizations, government agencies, associations, and larger enterprises – have statutory obligations to retain important records sent, received and stored in their email systems. Moreover, organizations of various types, including government agencies, must also retain data for purposes of eDiscovery and similar types of obligations. Use of cloud-based archiving solutions offers a secure, reliable, compliant and profitable option for the channel.
This white paper explores the various obligations that organizations have to retain email and other content, and it explains the benefits to service providers of using cloud-based services to meet their archiving obligations. This white paper also provides a brief overview of Sonian, the sponsor of this white paper, and their relevant channel offerings.
This interactive two-day course explores proven techniques for reducing costs associated with implementing, using, and maintaining computer systems in regulated environments.
Nowadays, IT operations are required to run on a tight budget and under constant watch. Compliance, security and mobile innovation are making proper auditing of IT systems absolutely necessary. Knowing the most fundamental facts, like who changed what, when, and where, will save hours of troubleshooting, satisfy compliance needs, and secure the environment. This white paper shows a methodical approach to IT infrastructure auditing. That includes proper planning, estimation of time needed to implement an effective IT auditing solution, and critical resources.
Accounting Information Systems Australasian 1st Edition Romney Solutions Manualxexunidop
Full download : https://alibabadownload.com/product/accounting-information-systems-australasian-1st-edition-romney-solutions-manual/
Accounting Information Systems Australasian 1st Edition Romney Solutions Manual
Webinar Mastery Series: Email Retention Regulations in India and How Business...Vaultastic
This email data management mastery series aims to educate and share Myths, Facts, Best Practices, Technologies along with live case studies.
This webinar takes a look at some of the regulations present in India that require long term email retention and how a cloud email archiving solution can help you formulate a sound retention policy and protect all email data.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
10 steps-email-retention-wp-us 198118
1. WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION
10 Steps to Establishing
an Effective Email
Retention Policy
JANUARY 2009
Eric Lundgren
I N FO R M AT I O N G OV E R N A N C E
3. Executive Summary
Challenge
In order to address growing eDiscovery, compliance and knowledge management
requirements, organizations must retain a greater number of emails than ever before. Yet
with such a large percentage of internal and external business communications performed
via email, this is becoming an increasingly difficult task — one with which many struggle to
keep pace. What’s more, as the volumes of messages requiring retention grow, so too, do
the related storage, retrieval and administrative costs. To address these challenges — and
prepare for litigation and compliance reviews — enterprises need a standardized, policy-
based email retention system that ensures all relevant messages are stored safely and in
accordance with any pertinent industry laws and governing bodies.
Opportunity
Building a well-planned, enterprise-wide email retention policy helps establish uniform and
consistent rules for all email and electronic records. Such a policy outlines email content,
sets retention and deletion criteria and provides the flexibility to accommodate litigation
holds and enable role-based user access. Leveraging a robust Information Governance
solution also helps simplify the management of this process. The ideal solution should
automate retention policy enforcement and task documentation, while providing an
archiving and retrieval engine that streamlines an organization’s ability to locate messages
for audits, litigation and eDiscovery in a timely and cost-effective manner.
Benefits
Using an automated Information Governance solution as the authority to manage an email
retention policy enables organizations to meet eDiscovery, compliance and knowledge
management requirements, while improving email system performance and reducing costs.
Specifically, organizations can:
• Reduce eDiscovery costs
• Improve regulatory compliance
• Reduce the risk of sanctions
• Improve IT performance without increasing costs
• Enhance data access
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 1
4. SECTION 1: CHALLENGE
The Need to Better Manage Email Retention Policies
Faced with increasing regulatory scrutiny and tougher laws surrounding electronic content,
organizations of all sizes — in every type of industry — must pay closer attention than ever
before to the way they manage, store and archive email messages. As rich sources of business-
critical intellectual property, electronic records must be protected by strong retention policies
that identify which emails need preserving and for what duration. Moreover, such a policy
must also include guidelines that enable the safe, timely removal of messages from production
systems and assist organizations in deleting them upon the expiration of the retention lifecycle.
However, in an age dominated by electronic business communication, developing robust,
effective retention guidelines for email volumes that proliferate at an exponential rate often
results in increased storage costs, poor system performance and difficulties locating specific
archived messages. Despite these considerable challenges, email retention policies comprise
a key piece of an enterprise-wide Information Governance framework, and as such, must be
implemented in order for organizations to achieve the three important capabilities of:
• Litigation readiness
• Regulatory compliance
• Knowledge management
Litigation Readiness
Today, litigation readiness is the biggest force driving the development of comprehensive email
retention policies. With the passage of the December 2006 amendments to the Federal Rules
of Civil Procedure (FRCP) — which list emails, instant messages, text messages, Microsoft
Word documents, spreadsheets and other electronic assets among the business records that
can be used as evidence — organizations are now legally obliged to possess formal eDiscovery
processes that make all relevant electronic documents available for assessment and analysis
early in the litigation process.
With this new regulation, enterprises need to know all of their sources of electronic information
in advance of litigation, including email servers and backup tapes, deleted or retired records
and data stored at remote locations. Gaining visibility into the sources of data is crucial, as it
helps organizations quickly institute litigation holds that mitigate the potential for intentional
or negligent alteration or destruction of any electronic records — known as spoliation in legal
proceedings — which can result in significant penalties and jeopardize the outcome of the case.
Attempting to comply with these FRCP amendments and drive litigation readiness without an
effective Information Governance system often results in high operating costs and an increased
risk of penalties. In fact, according to a study by Cohasset Associates, American businesses
annually spend between $2.5 million and $4 million on eDiscovery for every billion dollars
in sales, making it a large uncontrolled expense that is exceeded only by the costs of
healthcare1. Moreover, organizations that fail to meet FRCP rules can face sanctions for
the illegal destruction or alteration of evidence, or even risk losing cases they would have
otherwise won or favorably settled.
2 WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION
5. Regulatory Compliance
Meanwhile, the Sarbanes-Oxley Act (SOX), the Financial Industry Regulatory Authority
(FINRA), the Health Insurance Portability and Accountability Act (HIPAA) and other regulatory
mandates include strict guidelines about the preservation of electronic assets. In other words,
these exacting criteria make email retention a key factor in achieving compliance. While the
specific data subject to retention varies by authority, most require that all records directly
pertaining to an organization’s business activity, including emails and other messages,
be held for a predetermined amount of time. Exceptions to these regulations include
spam and personal emails, though the latter can be requested during an investigation
under certain circumstances.
Knowledge Management
An organization’s email records often contain valuable, proprietary information that is vital to
the success and ongoing competitiveness of the business. Thus, retaining these messages
and providing users with quick access to the information contained within can help to drive
productivity and business innovation.
Balancing Retention With Costs and Performance
With email stores growing at an annual rate of 35 percent, keeping emails in online archives
means that businesses must invest in additional physical storage space and hardware capable
of maintaining performance under increased processing loads2. To combat the rising costs
associated with email retention — while continuing to meet performance demands in
production systems and comply with all legal and regulatory requirements — organizations
need a way to identify non-essential messages that can be sent to offline storage or deleted.
Managing Retention Through Policies and Automation
However, because they lack the formalized policies that dictate which emails must be saved,
which are not immediately essential to business needs and which can be deleted, many
organizations struggle to make email retention a cost-effective core competency. In fact,
in a study by the Osterman group, 53 percent of respondents said they lack such a policy3.
What’s more, many of the world’s largest corporate messaging applications provide few
resources to support compliance and retention operations. And without the right tools,
organizations must manually search through individual inboxes and scour backup tapes to
locate a specific email or attachment. At the same time, many outsourced backup companies
charge a fee every time they are asked to locate and deliver archived messages — a process
that can get quite costly as greater numbers of emails are requested.
To achieve this crucial balance between costs and retention, organizations need to develop
a carefully planned email retention policy and support it with a robust, comprehensive
Information Governance solution. Leveraging technology to enable such a policy will ensure
that all retention methodologies, responsibilities, procedures and timeframes are applied to
each message and enforced on a consistent and uniform basis. In doing so, organizations
improve their ability to demonstrate conformance to legal and regulatory initiatives, become
well prepared for litigation and eDiscovery and increase cost efficiencies across the board.
1 “Information Governance: A Core Requirement for the Global Enterprise,” Cohasset Associates, October 2007.
2 “Reducing the Load on Email Servers,” Osterman Research, September 2007.
3 “Email Archiving Practices Survey of IT professionals,” Osterman Research, December 2007.
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 3
6. SECTION 2: OPPORTUNITY
Developing and Implementing an Email Retention Policy
To make email management procedures a cost-effective business asset, enterprises need to
develop, actively enforce and audit comprehensive retention guidelines. These rules should
specify consistent, enterprise-wide data archive windows and define permissions for who can
access, change or delete messages, attachments and other records.
To this end, organizations should guide themselves through the process of developing,
implementing, monitoring and auditing a comprehensive email retention policy using the
following 10 steps:
1. Define an email retention policy
2. Eliminate the variables hindering centralization
3. Educate employees about the retention policy
4. Incorporate relevant regulations into the retention policy
5. Identify roles with unique retention requirements
6. Balance retention guidelines and related IT costs
7. Provide employees with access to archived messages
8. Ensure that retention policies can accommodate legal holds
9. Validate that all messages are archived
10. Use technology to enforce retention policies
Define an Email Policy
In order to fully understand its retention obligations, an organization must first have a
clear understanding of the types of content it transmits electronically. To provide this insight,
the email retention policy should specify:
DOCUMENT TYPES employees can send via email, as well as the specific files, such as sensitive
business contracts, that must be transmitted using a different method.
CONTENT GUIDELINES defining what should or should not go into emails, including policies
around what constitutes sexual harassment or other unacceptable language.
ENFORCEMENT MEASURES and best practices that automatically scan for policy violations
and designate an internal authority to periodically review content.
4 WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION
7. Eliminate the Variables Hindering Centralization
Without formal archiving guidelines and an automated system to manage the process,
employees often save old messages and attachments on local storage systems, such as a
PC hard drive. This lack of standardization makes tracking and protecting archived messages
problematic. For example, a judge can request messages saved on personal archives during
litigation and eDiscovery. But if an employee saves these on a hard drive, which then fails, the
information is lost and the enterprise becomes vulnerable to legal and regulatory penalties
around the spoliation of data.
Moreover, locating the necessary data on all local hard drives throughout a large organization
is a difficult, time-consuming and expensive process that often fails to discover every message
saved on a non-standardized source. To avoid the possibility that a missing message results in
legal sanctions, email retention policies should include specific, centralized archiving methods
that prohibit employees from saving messages in personal folders.
Educate Employees About the Retention Policy
Even though a formal email retention policy may be defined and in place, many employees may
remain unaware that such guidelines exist. To ensure that archiving rules are followed across
the enterprise, all employees must be trained on the policy and able to demonstrate that they
understand content and storage procedures, as well as any rules restricting the use of personal
folders. Moreover, education should:
• Detail the reasons why these rules are in place,
• Offer instructions for using any supporting archiving technology
• Outline the consequences of non compliance at both a business and personal level
Incorporate Relevant Regulations Into the Retention Policy
It is critical that all email retention policies incorporate the requirements of the mandates
governing the industry in which an organization operates. There are many common regulations
to consider.
SOX
SOX regulations apply to public companies across all industries and impose severe penalties
on any business that deliberately alters or deletes documents in order to defraud customers or
other third parties. To comply with SOX guidelines, companies must retain auditable emails for
a minimum of five years from the end of their last fiscal years.
FINRA
FINRA rules demand that financial services firms establish formal, written policies and
procedures that detail their email retention policies. After outlining these policies, a business
must then demonstrate that all retention processes are in full compliance with FINRA
guidelines.
HIPAA
HIPAA regulations apply to any email message or other electronic records that contain
sensitive information about an individual’s medical history. The preservation period for a
medical record is a minimum of five years, though some related statutes dictate that certain
information be retained for the life of the patient.
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 5
8. BEYOND REGULATIONS
Although many regulations exist beyond the three listed above, all regulatory bodies —
regardless of industry specificity — make meeting the following requirements a key aspect
of compliance.
DATA PERMANENCE, where data must be in its original state without being altered or deleted.
DATA SECURITY, where all retained information must be protected against security threats,
including access by unauthorized persons and any outside forces that could physically damage
or endanger the availability of archived messages.
AVAILABILITY, where organizations must prove that all emails subject to the retention policy
can be easily accessed by authorized personnel in a timely manner.
Identify Roles With Unique Retention Requirements
Specific organizational roles have unique archiving requirements, which must be captured
in the larger retention policy. For example, brokers at financial services firms are obligated
to keep all of their electronic correspondence for up to six years. Likewise, in pharmaceutical
companies, scientists or physicians who perform drug tests must keep test-related
emails on hand for even longer, as these may contain highly sensitive information that can
be requested as evidence in eDiscovery. Finally, it is common practice in most enterprises to
save the emails of CEOs indefinitely, even after their tenures have ended.
Balance Retention Guidelines and Related IT Costs
Though there are many specific legal and regulatory guidelines around email retention, no
court or compliance authority demands the archiving of every email ever sent or received.
As a result, organizations should implement a retention policy that reduces the storage
burden by ensuring that the emails essential to meeting compliance and litigation guidelines
are saved, while those that are not needed are deleted. By reducing storage through retention
and deletion policies in line with legal and compliance mandates, IT can limit storage-related
expenditures and streamline email administration tasks, which often comprise more than
40 percent of total IT support costs. In addition, this approach limits the amount of content
requiring evaluation during the legal review phase of eDiscovery, further reducing costs.
Provide Employees With Access to Archived Messages
As enterprises establish overarching policies for archiving and deleting email messages,
they must also verify that all employees have access to the electronic assets they need to carry
out their business responsibilities. To support productivity, policies should establish rules that
enable certain messages to be saved for personal communication, while allowing all other
messages to be managed by the default retention strategy. These rules should also allow users
to search for all archived email in both production and off-line storage systems, and in some
cases, enable employees in similar roles to access messages owned by their coworkers.
6 WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION
9. Ensure That Retention Policies Can Accommodate Legal Holds
Email retention policies must be flexible enough to be suspended if a legal hold is necessary.
For example, if an organization is anticipating legal action, it might choose to retain all emails
in order to preserve the information that may be used as evidence during litigation. It is critical
that policies accommodate legal holds, because courts can impose sanctions for the spoliation
of any messaging content or electronic records that are relevant to a legal proceeding.
Validate That all Messages Are Archived
In order to comply with eDiscovery and litigation mandates, businesses must confirm and
demonstrate that all emails are captured and subject to the retention policy. To support this
critical goal — and eliminate the possibility that information escapes retention —
organizations should leverage an Information Governance solution with functionality that
provides the live, real-time capture of every message that falls under the rules of the
retention policy.
Use Technology to Enforce Retention Policies
To achieve the goals outlined in its email retention policy, an organization should implement
a robust, automated Information Governance solution capable of enforcing policy guidelines
across the business in an efficient, effective manner. Such a solution is the key to improving
legal hold management, speeding retention processes and maintaining an archive that
preserves necessary messages and purges non-essential emails as necessary. Information
Governance solutions should help simplify access to archived messages through rules to grant
permission by business classification, protect messages as corporate assets and make them
available to employees within similar roles.
Specifically, the optimal Information Governance solution should include:
• Granular retention capabilities that allow organizations to keep individual emails according
to specific criteria
• Automatic email archiving that enables end users to access messages in a saved state
• Folders that streamline the storage and retrieval of important messages
• The ability to secure sensitive private information, such as social security numbers and
medical records, to support HIPAA compliance
• Capabilities for eDiscovery, including the classification and search of emails and other
electronic records
• Legal hold support that earmarks the specific emails that have been identified as evidence
in litigation procedures
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 7
10. SECTION 3: BENEFITS
Improving Email Management Policies Through Technology
Enterprises that utilize an automated Information Governance solution to implement and
manage a comprehensive email retention policy are better prepared to meet eDiscovery,
compliance and knowledge management requirements — and promote more cost-effective
email system performance and administrative activities.
Specifically, Information Governance technology helps organizations develop and maintain
email retention policies that:
Reduce eDiscovery Costs
By helping to establish a granular email retention policy, an Information Governance solution
gives organizations instant access to the messages needed to meet specific regulatory, legal
and eDiscovery requirements — and decreases the time and costs associated with manually
searching archives, as well as the time spent in review, the most expensive phase of
eDiscovery.
Improve Regulatory Compliance
Information Governance solutions help organizations verify that their retention policies address
the requirements of industry regulations, greatly improving opportunities to comply with such
initiatives as SOX, FINRA and HIPAA.
Reduce the Risk of Sanctions
By implementing and documenting uniform, consistent retention policies, Information
Governance solutions help organizations preserve records that may be used in court
proceedings and reduce the risk of sanctions for the illegal destruction or alteration
of evidence.
Improve IT Performance Without Increasing Costs
An Information Governance solution provides organizations with the ability to develop a
streamlined, cost-effective message archive that automates retention and disposition and
leverages existing IT assets — reducing the need to add new servers, storage systems and
maintenance personnel.
Enhance Data Access
With policy-based functionality that verifies that data is retained according to business
classification, protected as a corporate asset and made available to employees with common
roles and user profiles, an Information Governance solution helps to improve data access
across the organization.
8 WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION
11. SECTION 4
Conclusions
Given the heightened emphasis placed on the preservation and security of electronic assets,
organizations across all industries are under increasing pressure to develop and implement a
robust, comprehensive email retention policy that complies with various legal and regulatory
bodies. Bolstering such a policy with an automated Information Governance solution enables
enterprises to more efficiently and cost-effectively store and locate emails for eDiscovery,
litigation, compliance and knowledge management purposes. In doing so, they are able to
optimize their message archival and deletion processes, while simultaneously:
• Improving system performance
• Strengthening data availability
• Reducing maintenance costs
• Minimizing the risk of legal penalties or sanctions
SECTION 5
References
“Information Governance: A Core Requirement for the Global Enterprise,”
Cohasset Associates, October 2007.
“Reducing the Load on Email Servers,”
Osterman Research, September 2007.
“Email Archiving Practices Survey of IT Professionals,”
Osterman Research, December 2007.
SECTION 6
About the Author
Eric Lundgren Eric Lundgren is Vice President of Technical Sales for the Information Governance Business
INFORMATION GOVERNANCE Unit at CA. He has a deep background in email management, eDiscovery and records
management. Currently, Eric is responsible for helping customers understand how they
can better address the legal, regulatory and operational challenges posed by diverse sources
of information, including email and electronic and physical records. Prior to working for CA,
Eric was Vice President of Product Strategy and Technical Sales for iLumin Software, a leading
email management, supervision and discovery software vendor.
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 9
12. CA (NSD: CA), one of the world’s leading independent,
enterprise management software companies, unifies and
simplifies complex information technology (IT) management
across the enterprise for greater business results. With our
Enterprise IT Management vision, solutions and expertise,
we help customers effectively govern, manage and secure IT.
334390109