Forensic Compliance System (FCS) vs. Archiving
Email archiving is usually an IT-driven purchase
made as a result of the problems that email storage brings to the
IT department. Email servers' performance can deteriorate exponentially
when storing vast amounts of old email, and users have to suffer
email quotas as a result. With higher and higher volumes year on
year, email management is now a pressing IT problem that won't go
away.
Archiving alleviates many of these storage problems very well,
and some sophisticated versions offer fast retrieval and other features.
However, when those same systems are employed as a compliance solution,
the organisation is open to huge exposures and liabilities.
Increasing privacy and confidentiality legislation now means that
many email archiving solutions breach the law when it comes to protecting
data, protecting access to data, and auditing any access. These
days a huge amount of personal data, such as salary information,
illness records - even employees' lunch preferences - is sent via
email, and many companies are late to realise that email must be
protected by more than a simple archiving system.
Increasing mandatory retention requirements also make demands on
archiving systems that they are often totally incapable of complying
with; particularly when required to, for example, demonstrate that
data within the archive could not have been altered or deleted without
leaving an evidence trail. A forensic record is a full record, so
any system allowing alteration or deletion via 'policy based storage'
or 'user-decision' falls short of the mandatory standards required.
IT departments are therefore realising that they must directly
involve the Legal, Compliance, Data Protection, and HR departments
before deploying solutions that may result in e.g. a wholesale breach
of the Data Protection Act 1998. All organisations have a legal
duty of care to employees to protect their data privacy, and a legal
duty to shareholders and regulators to be able to demonstrate the
integrity of stored data.
A true Forensic Compliance System will record other data at the
same time as the message; for example, it ensures the integrity of
records by digitally fingerprinting each record so that, when it
is later retrieved, it can be verified by recalculation that the
record retrieved is the same as when it was stored. An FCS will, for
example, also record distribution lists in real time in order to
demonstrate exactly who received a particular email, which is not
possible with standard archiving. It will also verify feeds from mail
servers, and record Trusted Time against each record.
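
The fingerprint-on-store, recalculate-on-retrieval check described above can be sketched as follows. This is an added example, not code from any FCS product; the record layout, the function names and the sample messages are assumptions made for illustration. It goes slightly beyond the text by chaining each fingerprint to the previous one, so that a deleted record leaves evidence as well as an altered one.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # starting value for the chain (constructed)

def fingerprint(record, prev):
    # Canonical JSON so the same record always hashes to the same value.
    canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev.encode() + canon).hexdigest()

def store(ledger, raw_message, recipients, trusted_time):
    """Append a record; returns the new chain head, to be kept outside the store."""
    record = {
        "seq": len(ledger),
        "message_sha256": hashlib.sha256(raw_message).hexdigest(),
        "recipients": sorted(recipients),  # distribution list as expanded at capture
        "trusted_time": trusted_time,      # assumed to come from a trusted time source
    }
    prev = ledger[-1]["fingerprint"] if ledger else GENESIS
    ledger.append({"record": record, "fingerprint": fingerprint(record, prev)})
    return ledger[-1]["fingerprint"]

def verify(ledger, messages, head):
    """Recalculate every fingerprint; return a list of discrepancies (empty = intact)."""
    problems, prev = [], GENESIS
    for pos, entry in enumerate(ledger):
        rec = entry["record"]
        if rec["seq"] != pos:
            problems.append(f"position {pos}: sequence gap, found seq {rec['seq']}")
        if not hmac.compare_digest(fingerprint(rec, prev), entry["fingerprint"]):
            problems.append(f"position {pos}: record fingerprint mismatch")
        body = messages.get(rec["seq"])
        if body is None or hashlib.sha256(body).hexdigest() != rec["message_sha256"]:
            problems.append(f"position {pos}: message body missing or altered")
        prev = entry["fingerprint"]
    if prev != head:
        problems.append("chain head differs from externally held value")
    return problems

def build_sample():
    # Constructed sample data, not taken from any real mailbox.
    ledger, messages, head = [], {}, GENESIS
    for seq, (body, rcpts) in enumerate([
        (b"Subject: Q3 salaries\r\n\r\nSee attached.", ["hr@example.com", "cfo@example.com"]),
        (b"Subject: lunch\r\n\r\nVegetarian please.", ["catering@example.com"]),
        (b"Subject: contract\r\n\r\nSigned copy.", ["legal@example.com"]),
    ]):
        messages[seq] = body
        head = store(ledger, body, rcpts, f"2024-01-01T09:0{seq}:00Z")
    return ledger, messages, head
```

The chain only proves anything if the latest head value is held somewhere the archive administrator cannot rewrite; otherwise the whole ledger could be recomputed after a change.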
Fast searching and retrieval of old emails is now essential for
dispute resolution and mandatory delivering up of information (e.g.
FSA requires full records to be produced within 24 hrs). Back-up
tapes and many archiving products cannot facilitate this. (It's
worth pointing out that while archiving systems are inadequate for
compliance, an even worse solution is to rely on back-up tapes.
A once-per-day archive cannot ever be regarded as appropriate, as
emails deleted during the day are not recorded, and in the event
of server failure an entire day's data will be lost. Restoring email
records from back-up, or finding one particular email that may have
been sent many months before, is an impossible task.)
In summary, whilst both FCS and archiving products address email
storage concerns, an FCS has the added benefit of addressing the
compliance and regulatory issues by allowing strict compliance with
regulatory authorities' retention periods and with various privacy
legislation, including the Data Protection and Human Rights Acts, and
by providing the ability to produce email evidence with high
evidential weight in a court of law.
If you would like to contact a member of
our consultancy team today, please either telephone or email:
Tel: +44 (0) 1622 618 752
Email: consultancy@bii-compliance.com