The problem with e-mail storage and retention is basically this: you do not know what your employees are keeping in their e-mail mailboxes. If you are auditing workstations and you review the results, you may be shocked or amazed at what is found. Talk to your employees, explaining the risks surrounding the retention of e-mail and the reason for the destruction policy. Policies should direct employees not to retain old e-mail messages. Policies should consider that some employees may want to store e-mail on their workstation hard drives or on floppy disks, and this practice should be discouraged. Make it very clear that saving messages to hard drives and floppies violates retention policies. If e-mail is going to be saved, it must be saved in project folders or other pertinent files. In this way, e-mail is accessible and retrievable. Emphasize the risks associated with the retention of e-mail outside of policy mandates. Employees should understand that workstations are audited and one of the areas of compliance is the storage of e-mail on hard drives and other media. Through training, employees should be instructed how to delete e-mail, and should receive an explanation of how the delete folder works. Many employees will not understand that e-mail messages may sit in the delete folder unless the user manually takes steps to empty it.
Consider installing and configuring software that automatically empties employees' e-mail folders at designated intervals. Assign limited e-mail space on your mail server for individual accounts. Reducing the size of e-mail accounts will encourage employees who retain e-mail to delete it, as they will simply run out of room. Exhibit 3 is a sample policy for e-mail retention.
Subscribe to:
Post Comments (Atom)
Popular Posts
-
Often crisis responders will initiate a crisis notification through a verbal briefing. As such, it is imperative that a clear and accurate ...
-
Nessus is a popular open-source scanner for organizations that choose not to spend the money on other proprietary products. There are s...
-
Incident and problem management processes are intended to handle problems that are raised through the service desk as well as responses t...
-
The composition of the crisis and incident response teams should reflect the personnel required to analyze and deal with any events, fro...
-
Being able to classify and categorize different types of releases into release models allows one to determine the types of governance and ...
-
The IMP should be designed to follow some simple principles in order to be most effective. The plan should reflect the nature of the bus...
-
The inability to effectively gather and share information is a frequent management failure during many crisis events both within the incide...
-
The passive analysis approach has several advantages: The analyzer does not interact with the network to discover hosts and their r...
-
Many healthcare organizations confuse emergency operations planning with preparedness. In fact, developing an emergency operations plan (...
-
Each company will define the composition and structure of its own crisis response group dependent on the nature, size, and scope of the ...
0 comments:
Post a Comment