A single e-mail outage can also have long-term effects on a
company’s compliance and legal processes for gathering and producing
evidence for litigation. Fortunately, with new integrated solutions
for complete e-mail management, an organization can be sure that it
will never lose access to e-mail, and no e-mail will ever be lost.
The Problem: What Happens When E-mail Goes Down?
When a company’s e-mail does go down, employees are directly and
personally impacted. With e-mail now an integral part of all business
processes and day-to-day operations, the loss of the most widely used
business communications function set off despair and even panic.
Employees can and will be very resourceful – they will find workarounds
to e-mail outages. In many cases, they will turn to their personal
accounts (Googlemail, Yahoo, etc.) to keep sending and receiving
The business messages people send from their own e-mail accounts may
seem innocent enough. But given today’s complex web of federal and
state regulations for information compliance and legal discovery, that
is not the case.
For instance, a simple e-mail request for a personal day off may
be subject to retention under the Family Medical Leave Act; e-mail
messages that provide collaboration on financial statements may be
subject to Sarbanes-Oxley; and contract negotiations may be the subject
of a pending or later legal dispute.
Additionally, it’s not just the original e-mail message sent during an outage that is at risk – its impact multiplies to include all the messages from people who respond to the personal address for the life of that single thread.
Business e-mails outside of the corporate system can create huge gaps in compliance and could be a potential liability for a company. Companies increasingly need to produce e-mail for regulatory and legal e-discovery requests. Courts or regulatory bodies have ordered approximately 38 percent of companies to produce employee e-mail.
Moreover, the average U.S. company currently faces a staggering
305 lawsuits. Nonetheless, compliance rules do not include exceptions
for downtime. There must be a sameness of operations that bridges
normal e-mail usage, an outage or an incident, and then returns to
normalcy once the crisis has passed. IT departments and legal teams
need efficient and thorough tools to locate particular e-mail messages
when and if the need arises. In some industries, such as financial
services, they may even find it necessary to actually sample e-mail on
a regular basis.
The use of personal e-mail accounts is problematic to
organizations on many levels. The messages are not searchable,
trackable, or archived to the corporate records. When an organization
has to retrieve e-mail messages for lawsuits or compliance inquiries,
it can be very difficult, time consuming, and expensive.
A company does not want to find out about these “rogue” messages
when opposing counsel presents them. The cost and difficulty of
producing e-mail messages can be prohibitive. In fact, some industry
estimates place the cost of e-discovery at $1,200 for every person who
has information relevant to a case.
Consider the case of Murphy Oil USA, Inc. v. Flour Daniel, Inc.
E-mails from more than 700 employees were requested during the
e-discovery process. The e-mails had been saved to 93 back-up tapes,
and it cost the organization $6.2 million to restore the e-mails and
six months of time.
Compliance: Increasingly Important Driver of DR/BC Investment
The best defense for an IT manager facing the challenges of
compliance and e-discovery is a good offense – make sure e-mail always
works. To ensure high availability and compliance, many companies are
moving to e-mail management services that provide integrated
continuity, recovery, archiving, e-discovery, and storage management.
These solutions provide ongoing archiving for compliance and
discovery by storing a copy of every relevant message offsite. When
e-mail goes down, these same systems take over for the primary system
and provide continuity of e-mail service – making the downtime
invisible to end users. If messages are lost, the service is able to
restore data directly from the archived copy. Because these systems act
as a backup mail system, they eliminate downtime. Since archiving is
fully integrated, there is never a gap in compliance processes. These
unified solutions complement a company’s investment in Exchange and
other e-mail systems, and reduce the complexity of having different
vendors and solutions for different e-mail functions. More frequently,
companies are choosing managed services because they eliminate the risk
of on-premise downtime and maximize internal corporate resources.
Executive management and employees are counting on the DR teams
to make sure the organization never loses access to e-mail and that no
e-mail will ever be lost. In fact, e-mail management has become so
important to companies today that many are now classifying e-mail and
compliance applications as Tier 0 or Tier 1 applications when they do
their business impact analysis.
While DR teams have always been charged with continuity of operations and the prevention of downtime, now they must also take responsibility for ensuring the continuous operation of compliance and legal discovery processes.Although most organizations today will experience an e-mail outage, with a little advance planning and use of a robust managed e-mail service, being down does not have to mean also being out of compliance.
"Appeared in DRJ's Spring 2007 Issue"