1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

Tackling Email Archiving Regulations

Written by Mike Solinap
Published on August 20, 2013

Whether or not your in a heavily regulated industry, having a solid email archiving solution is an absolute necessity. Email’s importance in the workplace for the past decade-and-a-half is similar to the need of having a dial tone in years past. In addition, email is the primary file sharing utility of choice. Despite the proliferation of cloud services such as Dropbox, it is still much quicker and easier to send someone a file as an email attachment. Size limits of up to 25MB are now common, so not only is document exchange an area of concern for organizations, but content could include images and video as well.

Even if your industry doesn’t require archiving emails, your organization can reap the following benefits:

  1. Recovery of key emails that have been permanently deleted.
    Have you ever had a user misplace an email, or mistakenly empty his or her email trash bin? Going back to your last full MS Exchange backup simply to retrieve one email could be a painful experience. Having a 2nd location, such as a journal account may come in handy, but might also be very difficult to search.
  2. Identify unauthorized user activity.
    The possibilities here are quite open – corporate espionage or other litigation cases? Having an archiving solution will allow you to perform eDiscovery and quickly identify key pieces of communication.
  3. Provide coverage where existing backup solutions are exposed.
    Take for example a user who receives an email and immediately files it away into a local PST. The user’s laptop crashes or is stolen, and it’s been more than a couple of days since his or her last backup. An email archiving solution could protect you from this common occurrence.
  4. Augment mail server-side search capabilities.
    While we all live with it, we realize that Outlook search often comes up short. Ideally, we want a full parametric search to allow for any combination of criteria, and we want the results fast.
  5. Email storage optimization (stubbing).
    Primary email storage is typically architected for performance. Typically, performance is synonymous with expensive. By having stubbing capabilities, large attachments can be offloaded onto nearline storage, extending the life of primary storage.

There are more than a dozen different industries and corresponding regulations that do require email archiving — including medical device manufacturers and financial services. Compliance for these industries is regulated by their respective bodies:

FDA:

  • Electronic Records (Title 21 CFR Part 11)

(b) The ability to generate accurate and complete copies of records in both human readable and electronic form suitable for inspection, review, and copying by the agency. Persons should contact the agency if there are any questions regarding the ability of the agency to perform such review and copying of the electronic records.

FINRA:

  • Recordkeeping (SEC Rule 17a-4, NASD Rule 2210(b) and NASD Rule 3110(a)1)In accordance with SEC Rule 17a-4, firms must retain all incoming and outgoing communications related to their firms business as such. Also, under NASD Rules 2210 and 2211, firms must retain all communications for a period of three years from the date of last use …. any business-related email, … must also be captured and retained …

So audit time is around the corner, and you’ve decided to implement an email archiving solution. There are some key considerations involved when evaluating your choices:

  • As storage needs grow, how do I scale my archiving solution?
  • How quickly can I search for any email?
  • How detailed can my search criteria be?
  • How well does my archiving solution integrate into my current email system?
  • What is the TCO of this archiving solution?

One of our customers had an existing solution in place, but unfortunately performance suffered, retrieving attachment stubs worked intermittently, and server upkeep was very time consuming. We decided to disable archiving, and setup a simple Exchange journal account until a better solution could be found.

This customer was already using Barracuda for their SPAM mail gateway appliance, so we decided to implement the Barracuda Message Archiver as well. Some notable features I thought were great:

  • Our journal account grew quicker than I imagined. The Barracuda was able to clean it out at the rate of 9500 messages per hour.
  • Full parametric search. The customer required a search of about 20 keywords for 5 users each, but also wanted to exempt certain domains from the results. The Barracuda allowed me to save a search, and duplicate it several times, changing only the user.
  • PST export of the results. Once I had queued all of my searches, it was a snap to have the search run and save to an individual PST.
  • CIFS mirroring. The appliance does not have fault tolerant disks, but it allows the email archive to be mirrored onto a filer where I can take it to tape.

Overall, the Barracuda was easy to setup, there is no server and database to maintain (it comes in the form of an appliance), and pricing is excellent. Best of all, it made our recent audit a success.

Next Steps:

Mike Solinap
Sr. Systems Integrator
SPK & Associates

Latest White Papers

The Next Chapter of Jira Service Management

The Next Chapter of Jira Service Management

The service industry is only becoming more competitive as the years pass, making efficient delivery vital to success. Development and Operations teams need to work together to deliver aid and Jira Service Management can help achieve this. Explore the future of Jira...

Related Resources

Managing Regulatory Compliance Requirements in Atlassian Cloud

Managing Regulatory Compliance Requirements in Atlassian Cloud

Regulatory compliance is not just a checkbox, but a critical element for building customer trust. Despite its importance, managing compliance is not without its challenges. Complex and evolving standards can require significant coordination across teams and...