Fortis Email Management: Compliance, Risk and Accessibility

1 / 41

About This Presentation

Title:

Fortis Email Management: Compliance, Risk and Accessibility

Description:

Patriot Act. Toxic Substances Control Act. Civil Rights Act of 1964 ... Terrorism Act of 2001 (Patriot Act) Journal to Archive ... – PowerPoint PPT presentation

Number of Views:56

Avg rating:3.0/5.0

Slides: 42

Provided by: Bwes

more less

Transcript and Presenter's Notes

Title: Fortis Email Management: Compliance, Risk and Accessibility

1
Fortis Email Management Compliance, Risk and
Accessibility
2
Elements of Email Management?

eDiscovery
Speed of Retrieval
Disaster Recovery
Storage Management
Knowledge Management
PST Management
Centralized storage

3
Facts

Almost 80 of employees admit to sharing
confidential information via email
In the last 12 months, 17 of Fortune 1000
companies have had to disclose the content of
corporate email as part of ongoing trials.
Email constitutes a written communication that
carries the same formality and weight of a
certified letter
Deleted email is never completely deleted

4
Facts

Deleting email on a regular basis is no guarantee
an organization will not be held liable for
producing email
In the past 3 years, 81 of IT departments have
been required to search back-ups to retrieve one
or more emails
Almost 50 of organizations have been ordered by
a court or regulatory body to produce email
4 out of 5 users employ personal/local archives
(PST) to store messaging system data

OK, but why do I need it?

6
Top 10 Reasons CIOs Buy Email Management

Because the SEC/FDA/ATF/DOT/FED is breathing down
our neck
Because we should be proactive protecting against
liabilities (removing PST files, malicious
deleting, legal.)
Because we have no place to store current/past
employee contacts/calendars/tasks and email
correspondence
Because we just got sued for A LOT of money
Because we have no long term strategy for email

7
Top 10 Reasons CIOs Buy Email Management

Because we have no security around current email
archiving
Because our corporate emails are now accessible
to our CRM, ERP, SIS, AP, EMR systems for
back-up, problem resolution, approval and general
reference
Because we just got audited and HIPPA/SOX/GLB
tells us we need to
Because email archiving is part of a larger
centralized initiative for content management
Because email management provides a valuable
knowledge base for reference

Great, but how do I use it
within my business?

9
Archiving Events

Employee is terminated or leaves
Need to keep import contacts, calendar
appointments, emails
But where do you put it back-up tapes dont
provide access
Project, case or litigation is complete
Public folders or individual mail folders are
archived
Retention schedule for general storage
Do you just let your Exchange hard drives
fill-up?
After several years what happens to those hard
drives
Manage real-time project correspondence
Collaborative environment

10
Centralized Storage Strategy
Exchange
Storage Media
SAN
CD/DVD
NAS
11

Email Management and Compliance

12
Important Compliance Mandates

Broker-dealers
SEC Rules 17a-3 and 17a-4
NASD Rules 2210 and 3110
NYSE Rules 440, 342 and 472
NFA Rule 2-9
Registered investment advisors
Investment Advisers Act Rule 204-2
The Investment Dealers Association of Canada
IDA By-law 29.7
K-12 and Higher Education
Family Educational Rights and Privacy Act (FERPA)

13
Important Compliance Mandates

Financial services
NCUA Part 749
12 CFR 226.25
17 CFR 270
17 CFR 275
17 CFR 240
Large, public companies
Sarbanes-Oxley, Sections 404 and 802.
Healthcare-related information
Health Insurance Portability and Accountability
Act (HIPAA)
Contractors to the US federal government
Federal Acquisition Regulation (FAR).

14
Important Compliance Mandates

Almost all organizations, are subject to
regulations like
Gramm-Leach-Bliley Act
Californias SB 1386
Americans with Disabilities Act
Patriot Act
Toxic Substances Control Act
Civil Rights Act of 1964
Personal Information Protection and Electronic
Documents Act (Canada)
Cyber Security Enhancement Act

15
What If You Dont Comply?

When February 2006
Who Ronald Perelman sued Morgan Stanley
Fine Perelman won a 1.7 billion judgment.
Why Inability to produce the required emails
Judge explained failure to produce the emails was
an act of bad faith

16
What If You Dont Comply?

When March of 2004
Who Bank of America
Fine 10 million
Why Failure to meet SEC compliance
Continue to retain email records regarding a
recent merger
Misled regulators
Took too long to produce evidence in an
investigation
The bank complained that it would be too much
work to produce certain archived emails
Took the bank nearly two years to produce all of
the emails

17
What If You Dont Comply?

When December 2002,
Who Salomon Smith Barney, Morgan Stanley, Piper
Jaffrey Hopwood, Deutsche Bank and Goldman
Sachs
Fine 8.25 million
Why Failure to adhere to SEC Rule 17a-4 which
requires broker-dealers to preserve electronic
data on non-rewritable, non-erasable storage.

Now, lets review Fortis Email Management and how
it can address what we just discussed

19
What is Fortis Email Management?

Best-of-breed solution powered by Sherpa
Softwares Archive and Mail Attender products
Fortis Email Management consists of a server-side
Microsoft Exchange level archiving tool
Does NOT sit on the Exchange server
Provides back-end, transparent archiving of
Exchange email accounts to Fortis or other UNC
paths
All Exchange types are stored as MSG in Fortis
All archived MSG files can be launched back to
Outlook
Fortis never changes the original file format
Data about the email can be exported to XML or
ASCII
Attachments are stored in their native format

20
Solution Flow
21
Fortis Email Management Can

Archive for specific users or departments
Archive specific content based on keywords
Archive all incoming and outgoing messages from
the journal mailbox in native format
Search archived data for compliance
Auto index archived messages with header data
Maintain audit trails of all activity
Enforce retentions and policies

22
Policy Enforcement - Retention

70 preset rules
Flexible policy management criteria
Folder level management
Customize reports
Multiple levels of deletion

23
Email Retention

Hierarchical Storage Management- move older/less
critical data to secondary storage
Delete archived messages after retention period
expires

24
eDiscovery and Searching

Administrator can search across all archives
(messages and/or attachments)
Allow Compliance/Security Officer to conduct
searches across the archives
Multi-threaded, simultaneous searching of
individual indexes allows for faster responses
Use DocPack to provide emails to auditors

25
Fortis Email Management Retrieval

Store Once, Access from Anywhere
Outlook Web Access (OWA) support
Retrieve emails from Fortis Portal/Portal Mobile
Native MSG
PDF, JBIG
AJAX TIFF
Retrieve emails from Fortis Web
Launch
Outlook folder home directory

26
Easy Retrieval from Fortis

Select the Archived Emails Outlook folder
Fortis Portal
Fortis Web

27
Easy Retrieval from Fortis

3. Fortis LAN client

28
Easy Retrieval

4. Select the URL on the email stub
Requirements
Fortis Web or
Fortis Portal

The Importance of Exchange Journaling to an
Archive Solution

30
What is Journaling?

Journaling is the ability to record all
communications in an organization.
It is important to understand the difference
between journaling and archiving.
Journaling is the ability to record all email
communications
Archiving refers to reducing the strain of
storing data by backing it up, removing it from
its native environment, and storing it elsewhere
You may use Exchange journaling as a tool in your
e-mail retention or archival strategy

31
Why Journaling?

Organizations must maintain records of
communication that occur when employees perform
daily business tasks
Regulations with requirements for journaling
Sarbanes-Oxley Act
SEC Rule 17A-4
NASD 3110 and 3111
Gramm-Leach-Bliley Act (Financial Institution
Privacy Protection Act of 2001, Financial
Institution Privacy Protection Act of 2003)
Healthcare Insurance Portability and
Accountability Act of 1996 (HIPAA)
Terrorism Act of 2001 (Patriot Act)

32
Journal to Archive
33

So, why cant I use Exchange to manage my emails?

34
Exchange Limitations

PST files - no central management within Exchange
Poor reporting and trending capabilities
Retention and automated purging
Black hole for storage always expanding
Exchange storage
Limited options to manage journal emails
No good continuity strategy
Limited policy enforcement options no
granularity

Who are the competitors and how does FEM
differentiate itself?

36
Competitive Landscape

Top-tier Competitors
Symantec Enterprise Vault
MessageOne
EMC
Iron Mountain
Fortiva
NearPoint by Mimosa Systems
Differentiators
Very expensive
Difficult to implement
Only work with Exchange
Not integrated with turn-key records and document
management

37
Target Market

Regulated Industries
Financial services
Broker-dealers in securities trading
Investment advisors
Large public companies
Healthcare
Contractors to the federal government
Banks
These customers MUST implement email management
Unregulated Industries
Legal
Architects
Manufacturing for quality control processes
Transportation
Education

38
Questions to Ask

What are your email policies and how are they
enforced?
Do your email policies address the need to reduce
storage costs, increase security, and reduce
liability?
What are you doing with outbound emails?
How do your email policies differ by department?
Are you aware of compliance mandates that affect
email archiving and retention?
Are you within the financial services, healthcare
or banking industries? If so, are you in
compliance with strict regulations around email
management?

39
Fortis Email Management Advantages