1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

Tackling Email Archiving Regulations

Published by Mike Solinap
on August 20, 2013

Whether or not your in a heavily regulated industry, having a solid email archiving solution is an absolute necessity. Email’s importance in the workplace for the past decade-and-a-half is similar to the need of having a dial tone in years past. In addition, email is the primary file sharing utility of choice. Despite the proliferation of cloud services such as Dropbox, it is still much quicker and easier to send someone a file as an email attachment. Size limits of up to 25MB are now common, so not only is document exchange an area of concern for organizations, but content could include images and video as well.

Even if your industry doesn’t require archiving emails, your organization can reap the following benefits:

  1. Recovery of key emails that have been permanently deleted.
    Have you ever had a user misplace an email, or mistakenly empty his or her email trash bin? Going back to your last full MS Exchange backup simply to retrieve one email could be a painful experience. Having a 2nd location, such as a journal account may come in handy, but might also be very difficult to search.
  2. Identify unauthorized user activity.
    The possibilities here are quite open – corporate espionage or other litigation cases? Having an archiving solution will allow you to perform eDiscovery and quickly identify key pieces of communication.
  3. Provide coverage where existing backup solutions are exposed.
    Take for example a user who receives an email and immediately files it away into a local PST. The user’s laptop crashes or is stolen, and it’s been more than a couple of days since his or her last backup. An email archiving solution could protect you from this common occurrence.
  4. Augment mail server-side search capabilities.
    While we all live with it, we realize that Outlook search often comes up short. Ideally, we want a full parametric search to allow for any combination of criteria, and we want the results fast.
  5. Email storage optimization (stubbing).
    Primary email storage is typically architected for performance. Typically, performance is synonymous with expensive. By having stubbing capabilities, large attachments can be offloaded onto nearline storage, extending the life of primary storage.

There are more than a dozen different industries and corresponding regulations that do require email archiving — including medical device manufacturers and financial services. Compliance for these industries is regulated by their respective bodies:

FDA:

  • Electronic Records (Title 21 CFR Part 11)

(b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records.

FINRA:

  • Recordkeeping (SEC Rule 17a-4, NASD Rule 2210(b) and NASD Rule 3110(a)1)In accordance with SEC Rule 17a-4, firms must retain all incoming and outgoing communications related to their firms business as such. Also, under NASD Rules 2210 and 2211, firms must retain all communications for a period of three years from the date of last use …. any business-related email, … must also be captured and retained …

So audit time is around the corner, and you’ve decided to implement an email archiving solution. There are some key considerations involved when evaluating your choices:

  • As storage needs grow, how do I scale my archiving solution?
  • How quickly can I search for any email?
  • How detailed can my search criteria be?
  • How well does my archiving solution integrate into my current email system?
  • What is the TCO of this archiving solution?

One of our customers had an existing solution in place, but unfortunately performance suffered, retrieving attachment stubs worked intermittently, and server upkeep was very time consuming. We decided to disable archiving, and setup a simple Exchange journal account until a better solution could be found.

This customer was already using Barracuda for their SPAM mail gateway appliance, so we decided to implement the Barracuda Message Archiver as well. Some notable features I thought were great:

  • Our journal account grew quicker than I imagined. The Barracuda was able to clean it out at the rate of 9500 messages per hour.
  • Full parametric search. The customer required a search of about 20 keywords for 5 users each, but also wanted to exempt certain domains from the results. The Barracuda allowed me to save a search, and duplicate it several times, changing only the user.
  • PST export of the results. Once I had queued all of my searches, it was a snap to have the search run and save to an individual PST.
  • CIFS mirroring. The appliance does not have fault tolerant disks, but it allows the email archive to be mirrored onto a filer where I can take it to tape.

Overall, the Barracuda was easy to setup, there is no server and database to maintain (it comes in the form of an appliance), and pricing is excellent. Best of all, it made our recent audit a success.

Next Steps:

Mike Solinap
Sr. Systems Integrator
SPK & Associates

Latest White Papers

Three Trends Are Transforming The Service Desk

Three Trends Are Transforming The Service Desk

Your IT service desk is about to change. Find out what's shaping the future. Three factors — enterprise service management (ESM), collaboration, and intelligent service management — are driving the transformation of the service desk. To better meet customers’ needs...

Related Resources

What is Data Engineering?

What is Data Engineering?

Strictly defined, data engineering, which is also known as information engineering (IE), information technology engineering (ITE), or information engineering methodology (IEM), is a software engineering approach to designing and developing information systems.  Data...

10-Point Checklist for Atlassian Server Migrations

10-Point Checklist for Atlassian Server Migrations

Introduction As applications, such as Jira, become more mainstream for Enterprises, it was inevitable that Atlassian and others would create their own service (SaaS) that provides numerous benefits to users across the globe.  The benefits of having a SaaS...

Streamlining Design Controls For A Leading Medical Device Maker

Streamlining Design Controls For A Leading Medical Device Maker

SPK helps this global enterprise to boost product development efficiencies, increase compliance reliability, generate reports with a single click, and shave weeks off their development/release cycles. The Client A respected global medical device powerhouse, with more...