Quick Links
Advertise with Sarbanes Oxley Compliance Journal
Features


< Back

Sarbanes Oxley : Thought Leader

How to Take Advantage of Compliance Requirements to Improve Business Processes
November 21, 2008 12:00 PM

Broccoli, Peas, Sprouts—Compliance?

By Ashley Coover
Ashley Coover
Assistant Marketing Manager
MessageSolution

For many businesses, meeting compliance regulations is vaguely reminiscent of time spent at the dinner table during one’s youth, being forced to eat before leaving the table.

The term ‘regulatory compliance’ induces various reactions, none of them positive, whether you’re talking to an executive, a legal counsel, or an IT administrator. Corporate executives recognize the scope and expense of achieving total compliance; visions of dodging lawsuits and legal fines dance before counsel’s eyes. IT administrators balk at the time spent managing an overloaded, de-centralized network.

What is often overlooked is that compliance has the capability to vastly improve business operations. Like broccoli, peas and Brussels sprouts, compliance is ultimately in a corporation’s best interest. Managing risk, streamlining processes and standardizing data management are just a few of the oft unsung benefits of compliance efforts.

Manage Risk
As more and more business is conducted electronically, keeping track of all the ways hackers or disgruntled employees can access private information can be overwhelming. Even top rung executives are not immune to mishandling information. This is why IT staff (or IT savvy management) should be involved in determining how to implement corporate security policies. If the problem is technology-based, the solution will most likely be technology-based, too.

Along with illegally obtaining information, another way employees can leave their company open to a lawsuit is by deleting valuable emails or files. If an employee deletes self-incriminating emails or attachments, the company may be held responsible for that employee’s wrongdoing. To avoid being faced with a big lawsuit and a lack of redeeming evidence, businesses shouldn’t let employees be the final arbiters of the value of their emails.

Backup and secure storage are key in these situations, but corporations that fall under industry or government regulations need much more protection than, say, backing up employees’ emails daily on a disk. If daily backups are run at the end of the work day, any emails that employees delete during the day won’t be stored. An email archive that uses automated journaling to capture all emails and immediately archive them on a separate server ensures that deleted emails will still be available for future review.

Secure archiving and storage software systems not only protect vital corporate intelligence from accidental deletion, but also can limit employees’ access to archived information. Next-generation systems are granular all the way to the individual user level, allowing supervisors to see only their supervisees’ files, executive assistants to see only their executives’ files, and so on. Employees’ activities within the archive can even be tracked, showing supervisors how their staff is utilizing the archive.

Streamline
Some corporations encounter storage problems due to inadequate data management. Employees send and receive emails every day, which, if not sorted properly, can fill up storage devices rather quickly. Spam or joke emails may be sent to hundreds or thousands of employees, which can result in hundreds or thousands of unnecessary files being stored or archived.

While imposing email storage quotas on employees is a quick solution, it is certainly not the best one. Aside from forcing employees to delete possibly relevant information, a large problem created by imposing quotas is that some users will simply create local archive files. PST and NSF files de-centralize information, which makes finding information for audits or electronic discovery extremely difficult and time-consuming.

Compliance doesn’t require you to store spam and personal emails, so why waste valuable storage space? Consider using an email archiving product with built-in filtering capabilities to keep irrelevant content from being archived. This will reduce your storage requirements, which can keep pesky mailbox quotas at bay. And, of course, no mailbox quota means there is no need for employees to create local archive files.

As for dealing with existing desktop archive files, a product with a PST/NSF file management tool can centralize your company’s desktop files into the archive to be searched as easily as other archive content. Even if the employee has left, his or her files can remain in the archive to be supervised by an assigned employee.

Standardize
Corporations must implement efficient, standardized practices that adhere to industry or government regulations. Many companies put together a steering committee to determine acceptable use policies for the entire corporation, individual departments, and individual employees.

Once the policy is set, it is important to keep employees educated and informed about the role they must play in the company’s compliance strategy. After all, a good policy is worthless if employees are not aware of it or choose to ignore it. Although extreme micro-management and testing employees on email use policies are ways of ensuring employees follow policy, most businesses would prefer a more discreet method.

An automated email archive can implement standardized policies across the board. Once acceptable use and retention policies have been set, the archive administrator can click a few buttons and type a few numbers. When the admin applies the changes, suddenly all employees’ email archiving schedule, retention periods, archive access and retrieval abilities will be programmed to company-determined settings.

Eat Those Vegetables!
Lengthy litigation, hefty fines, and loss of consumer or stock holder confidence top the list of consequences for businesses that fail to adhere to compliance regulations. While meeting compliance is partially about avoiding these kinds of situations, it is ultimately about improving business operations on every level.

The ideas behind compliance are good ones: standardizing practices, securely managing information, and simply being proactive. When put into effect, they create a culture of accountability and transparency, which is ideal for companies, customers, and stockholders alike.

Once you’ve determined your company’s email compliance goals, evaluate which product can best meet your needs. Don’t feel pressured to choose the first vendor you evaluate or the product with the biggest price tag. Shop around. Most companies will find that with proper planning and implementation of the right solutions, the benefits of compliance far outweigh the costs.





Ashley Coover
Assistant Marketing Manager
MessageSolution
Ashley Coover attended the School of Journalism at the University of Florida.

She began her writing career as a newspaper reporter, later working as an editor. Interests in technology lead her to move across the country to Silicon Valley, where she writes web site content for MessageSolution, Inc., an email and file archiving company.

She works closely with the product development team and the product architect to construct useful articles for organizations in need of archiving solutions.





About Us Editorial

© 2017 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY