4 Reasons to Establish an Email Retention Policy
Many companies are scrambling to create and enforce a good email retention policy for various valid reasons. In this blog post I will help you determine whether your company needs an email retention policy. I will do this by explaining some of the main reasons why companies implement such policies in the first place.
1. Sarbanes-Oxley, SEC 17a-3/4, NASD 3010, HIPAA
These regulations which are mandatory in many industries require companies to keep emails (and other documents) for a number of years. Most of these policies were designed to protect the consumer, for example, the SEC 17a-3/4 states that a company must preserve emails for up to six years. Furthermore all emails must be time-stamped, stored in a tamper-proof format and must be organized and indexed, with a duplicate copy stored separately from the original. This is done so that if any irregularity is uncovered, a proper investigation can take place.
2. SAS 70 Standards
If your company wishes to be audited for SAS 70 standards, they will require a robust email archiving software solution. An SAS 70 audit gives a company a very prestigious certification – a guarantee that the company has a high standard of accounting practices and the correct control objectives and activities. This helps an organization build trust with its customers and other organizations.
3. PCI Regulations
PCI DSS regulations are mandatory for companies that wish to process payments by credit card. This standard protects the credibility of the company and ensures the security of the credit card user’s details. In many cases, companies that comply with PCI DSS use email as part of their dealings with customers. In these cases, it helps to make use of email archiving software to protect these emails that usually contain sensitive customer payment information by saving them in a central archive – meaning none of them can ever be accidentally or intentionally deleted.
4. Litigation Readiness
There are times however, when a company might chose to retain emails for litigation purposes. It is unfortunate that many companies need to resort to the law courts to resolve disputes with customers and employees. If the company does not have solid proof of their email correspondence, they will have a much harder time convincing the judges that they are right. Email archiving software was designed with litigation in mind, and the email reports pulled from such software are much more credible in court than an email printout from an email client, because those are much more easily tampered with.
All these reasons support the argument that an email retention policy and an email archiving solution are required for your business.
This guest post was provided by Jeremy Pullicino on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more about why your company should deploy an email retention policy.
All product and company names herein may be trademarks of their respective owners.