The number of emails that whizz through most company servers on a daily basis is usually pretty extraordinary and whilst it’s easy to just delete them so as not to clog your email inbox, email compliance regulations insist that all emails are archived in a way that they can be recovered in the case of an eDiscovery request.

Existing regulations such as Sarbanes-Oxley, HIPAA and the FRCP treat emails as being equal to paper-based documents in terms of valid and legal documentation presented in a court of law and are therefore admissible during an eDiscovery request.

eDiscovery is the process of locating, securing and using documentation from a company’s archives in a legal setting, so a company must have the ability to procure the necessary documents with the confirmation that these have not been tampered with. Failure to abide by procedures could result in court fines and other financial burdens, not to mention a failing reputation.

When it comes to implementing an email archiving setup, for security, maintenance and resource reasons, email archives should not be archived on the mail server but should have their localized server that is specific to the task.

Archiving your emails on a separate database ensures that they are protected should the server crash whilst also lightening the load on the server. Stretching the email server’s resources to a maximum by having it deal with email archiving will only lead to the server performing all tasks poorly; whereas, having a designated email server and a separate email archiving server will ensure that all tasks are occurring at their topmost level; it will also render the upkeep of both machines a simpler and cleaner process. However the main reason behind separate servers is to have a backup should the email server crash as archived emails can be reinstated so that work can carry on as best possible.

In industries and countries where regulations require organizations to monitor user activity and keep audit trails you will need to implement a system that records, logs and retains a database of user activity. Using secure methods such as encryption will ensure that emails have not been tampered with as this would render them inadmissible in a court of law thus resulting in non-compliance.

An auditing facility is also important for compliance purposes. Log files and counts must prove that all emails (including their attachments) are being captured and can be searched for, recovered and viewed in their original format. It is advisable to inform your users that their emails are being recorded and archived as this could act as a deterrent to any abuse of the system.

About GFI

GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at www.gfi.com .

All product and company names herein may be trademarks of their respective owners.