Image by Miniyo73 from Flickr
Regardless of industry, email archiving is one of an organization’s most essential tools when it comes to ensuring compliance with legal and regulatory requirements. With the advent of Sarbanes-Oxley and similar laws such as HIPAA and the Gramm-Leach-Bliley (GLB) Act, regulatory bodies, courts, and auditors are now stringent with the way they conduct their investigations, and as such demand larger volumes of data.
As the clear majority of inter- and intra-company communications nowadays takes place through email, auditors are drawn to inboxes first and archives second. The latter are of interest to auditors and regulatory bodies due to the five-year retention period specified by SOX and its offshoot regulations as well as the wealth of audit-related information contained within. This information might include financial statements, email trails, invoices, and other documents that can indicate a company’s financial standing at any given time.
However, one can expect that the five-year retention period for email archiving will result in a massive amount of data that can be very challenging to navigate, especially if the person in charge of fulfilling audit requirements is not familiar with the documents being requested. To help auditors and regulators perform their e-discovery tasks, email archiving systems should have at least the three capabilities below.
- Searchable Master Indexes
Prior to the introduction of master indexing, auditors were forced to search through entire inboxes and individual messages for keywords. As archives kept growing by the day, this process gradually became time-consuming and resulted in a drop in productivity. Modern email archiving systems allow for the indexing of standard RFC-822 compliant headers (including the sender, recipients, and subject line) and the message body, thus drastically reducing search and retrieval time.
- Attachment Indexing
Later, email archiving solution developers included attachments in the indexes. This capability is particularly helpful if certain email users are used to attaching files to email without subject lines or message bodies. While could potentially slow down searches, particularly if the attached files are rather large, it can also uncover important documents that would otherwise be invisible to searches using header and message body data.
- Fuzzy Search Capabilities
Despite the best efforts of auditors and responding parties, search strings and keywords might be misspelled while searches are being performed, thus leading to incorrect search results and rework. To compensate for this, some email archiving systems now utilize fuzzy search capabilities. A fuzzy search generates all possible terms that are like the given keyword within a certain margin of error. One might recognize this capability from Google search and Gmail; however, similar algorithms have been deployed in all sorts of search and indexing systems, including email archives. This results in a shorter turnaround time for document requests.
Certain older versions of popular email clients do not have some or all the capabilities described above. However, this should not be an excuse for not giving auditors and regulators the information they need. There are third-party email archiving solutions that have all three key features, and every organization that is serious about protecting data and complying with industry regulations should consider implementing these solutions.