That's where Microsoft Exchange 2010 can help. It has several tools to assist with policy and compliance:
- Transport rules: One of the most powerful tools provided in Exchange is the ability to create transport rules. They are powerful for two reasons. First, the messaging structure of Exchange has all messages going through at least one Hub Transport server and possibly through Edge Transport servers. These are key servers where rules can be applied to messages while in transit. Those rules include conditions, actions, and possibly exceptions. You can use transport rules to prevent inappropriate content from coming in or leaving your environment. You can filter confidential information, track messages, redirect messages, apply disclaimers, and much more.
- Message classifications: Exchange 2010 allows messages to be classified, or tagged, either through a transport rule or manually by a user when creating the email. Essentially, this adds metadata to the message that describes the use or audience of the message. For example, you might attach an Attorney/Client Privileged (A/C Privileged) classification to a message if you are routing an email between a law office and a client.
- Journaling: This is the ability to create a record of all email communications going in and out of your organization. You should have a retention and archiving strategy to meet the compliance requirements that apply to your business, and a journal is a key enabling mechanism for doing so.
- Messaging records management: Users have tons of email that is business-oriented -- and tons of email that simply isn't. If there is no business value to an email, there is no need to retain that content. Messaging records management helps by moving messages into Deleted Items or permanently deleting messages that go beyond a certain retention time. Those messages may also be journaled at the same time so that they aren't lost.
- Personal archive: One of the biggest headaches to the compliance world is the fact that mailbox size restrictions have many users storing data locally on their systems through .pst files. This can make discovery a costly endeavor -- and perhaps an impossible one. With Exchange 2010, users can now have a personal archive added to their mailbox that is retained on the servers themselves. This provides an alternate storage location without having it reside on the desktop, so it can be managed appropriately with compliance in mind.
Two other useful capabilties in Exchange 2010 include its information rights management and the ability to use the Exchange Control Panel to perform multiple-mailbox e-discovery searches for data. It can also establish a "legal hold" when there is some expectation that a legal situation is brewing for specific users; this hold ensures that all items are retained in a way that is transparent to the user.
Depending on your environment, these tools may be all that you need to be in compliance with legal requirements. In some circumstances you may have other solutions in play. What tools are you using to be in compliance?
This article, "The building blocks for compliance in your messaging system," was originally published at InfoWorld.com. Read more of J. Peter Bruzzese's Enterprise Windows blog and follow the latest developments in Windows at InfoWorld.com.