The document outlines guidelines for developing an email policy in organizations, focusing on email management, usage, security, and compliance. It emphasizes the importance of stakeholder involvement, legal alignment, and the need for an iterative policy development process. Additionally, it addresses key policy elements such as responsibilities, definitions, acceptable usage, and monitoring.

1. ARMA Boston Spring Seminar 2011Jesse Wilkins, CRMManaging Your Email Better

2. Developing an email policyIdentifying and classifying messages as recordsManaging the inbox better – by managing less emailBetter collaboration WITHOUT emailSeminar agenda

3. Developing an Email Policy

4. Email policy elementsPolicy statementsThe policy development frameworkSession agenda

5. Email policy elements

6. Every organization’s email policy will be differentPublic vs. private sectorRegulatory requirements, both horizontal and verticalThere are some common areas that should be addressedLots of references andexamples availableEmail policy elements

7. PurposeScope ResponsibilitiesDefinitionsPolicy statementsReferencesPolicy elements

8. This policy has three purposes:Establish definitions relevant to the email management programDescribe usage policies relating to emailDescribe security and technology policies relating to emailScope: This policy is applicable to the entire enterprise. Purpose and scope

9. Responsibilities for policy development and maintenanceResponsibilities for policy administrationResponsibilities for compliance with policyResponsibilities

10. Uncommon termsCommon terms used in an uncommon fashionAcronyms and abbreviationsDefinitions

11. Many different elements availableDetailed in the next sectionPolicy statements

12. List any references used to develop the policyInternal strategic documentsRecords program governance instrumentsStatutes and regulationsPublications Examples and templatesReferences

13. Detailed instructions for complying with policiesOften separate document(s)Each of the policy statements will have one or more proceduresMay be specific to process, business unit, jurisdiction, and/or applicationProcedures

14. Email policy statements

15. Most common element of email policies todayTypically addresses things NOT to do:Obscene language or sexual contentJokes, chain letters, business solicitationRacial, ethnic, religious, or other slursMay address signature blocksStandardization, URLs, picturesAcceptable usage

16. Guidance on writing emailsWording and punctuationSpell check and grammar checkEffective subject linesGuidance on email etiquetteGuidance on addresseesEffective usage

17. Whether personal usage is allowedAny limitations to personal usageSeparation of personal and business usage within individual messagesPersonal email account accessPersonal usage

18. Whether email is considered to be owned by the organizationResponsibility for stewardship of messages, both sent and receivedPrivacy and monitoringThird-party accessOwnership and stewardship

19. Email is a medium, not a record type or seriesEmail messages can be recordsOther information objects that might need to be treated as recordsRead receiptsBounced messagesRetention and disposition

20. Email can be subject to discoveryAssigns responsibility for communicating legal holdsDescribes whether or not email disclaimers will be used and howMay outline privilege issuesLegal issues

21. Outlines whether encryption is allowedWhat approaches to useWhether digital signatures are allowedWhat approaches to useEncryption and digital signatures

22. Most often found as part of general policies for remote workersRequirements for mobile devicesRequirements for web-based accessSynchronization and login requirementsMobile and remote email

23. Addresses whether email will be archivedAddresses whether personal archives will be allowed May address backups – but backups are not archivesMay also address public or managed foldersArchival

24. Attachment limitationsWhether they can be sent at allSize limitationsContent type limitationsAttachments vs. linksContent filteringEncryption and DRMSecurity

25. Policy development framework

26. Approach to developing and implementing a policyEnsures that policy development is consistent with organizational goalsEnsures that policy meets legal and regulatory requirementsThe policy framework

27. Policy development requires time and energy from users and stakeholdersSo does policy implementationOngoing compliance will require auditing and communicationNone of this happens without management support1. Get management support

28. Policy should address the entire enterpriseStakeholders should include:Business unit managersEnd usersLegal, RM, ITExternal customers and partners2. Identify stakeholders

29. What changes are being introduced? Processes, technologiesWhat are the desired outcomes?What behavioral changes should result?3. Identify the goals of the policy

30. Legal researchOrganizational researchPublic researchStandards and guidelinesBenchmarkingConsult with similarorganizationsAnalyze the results4. Conduct the research

31. Collaborative and iterative processThere are a number of resources available to provide an email policy frameworkThese are starting points and need to be customized for your requirements5. Draft the policy

32. Review by legal, HR, usersEnsures it is validEnsures it will work within existing organizational cultureChange management 6. Review the policy

33. Policy is reviewed by business managers, senior managementComplete revisions as necessaryApprove the policy7. Approve the policy

34. CommunicationTrainingAuditing8. Implement the policy

35. Monitor for compliance with policySolicit feedback about policyProvide refresher training as requiredConsider whether to retain previous versions of the policyPlan for periodic review and maintenance9. Once the policy is live

36. Questions?