{"id":2074,"date":"2020-03-06T01:00:00","date_gmt":"2020-03-06T01:00:00","guid":{"rendered":"http:\/\/inswwdev.azurewebsites.net\/au\/insights\/uncategorized\/messaging-regulatory-compliance\/"},"modified":"2023-08-01T12:04:54","modified_gmt":"2023-08-01T12:04:54","slug":"messaging-regulatory-compliance","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/au\/insights\/geek-speak\/managed-services-for-partners\/messaging-regulatory-compliance\/","title":{"rendered":"Messaging Regulatory Compliance"},"content":{"rendered":"<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\">What is regulatory compliance?<\/h3>\n<p>Every organisation is bound by applicable laws, policies and regulations. Failure to adhere to, or comply with, these could result in fines and prohibitions, in other words \u2018<strong>significant business impact<\/strong>\u2019. Regulatory compliance is simply unavoidable, and the best we can do is to stay compliant. 
Most messaging regulatory compliance laws require retention of emails, and below are a few examples of such regulation:<\/p>\n<table class=\"minimalistBlack\" border=\"0\" width=\"680\">\n<thead>\n<tr>\n<td width=\"340\">Compliance Law<\/td>\n<td width=\"123\">Region<\/td>\n<td width=\"217\">Retention<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"340\"><a href=\"https:\/\/www.pcisecuritystandards.org\/pci_security\/\" target=\"_blank\" rel=\"noopener nofollow\">Payment Card Industry \u2013 Data Security Standards<\/a> (PCI \u2013 DSS)<\/td>\n<td width=\"123\">United States<\/td>\n<td width=\"217\">1 year<\/td>\n<\/tr>\n<tr>\n<td width=\"340\"><a href=\"https:\/\/www.aicpa.org\/\" rel=\"nofollow noopener\" target=\"_blank\">AICPA<\/a> \u2013 <a href=\"https:\/\/www.aicpa.org\/content\/dam\/aicpa\/interestareas\/informationtechnology\/resources\/privacy\/downloadabledocuments\/10252-346-records-management-pro.pdf\" target=\"_blank\" rel=\"noopener nofollow\">Generally Accepted Privacy Principles<\/a> (GAPP)<\/td>\n<td width=\"123\">United States<\/td>\n<td width=\"217\">Retain <a href=\"https:\/\/en.wikipedia.org\/wiki\/Personal_data\" target=\"_blank\" rel=\"noopener nofollow\">PII<\/a> until no longer required<\/td>\n<\/tr>\n<tr>\n<td width=\"340\"><a href=\"https:\/\/www.cyber.gov.au\/resources-business-and-government\/essential-cyber-security\/essential-eight\/essential-eight-maturity-model\" target=\"_blank\" rel=\"noopener nofollow\">Australian Essential 8<\/a> (ACSC 8)<\/td>\n<td width=\"123\">Australia<\/td>\n<td width=\"217\">3 months or more<\/td>\n<\/tr>\n<tr>\n<td width=\"340\"><a href=\"http:\/\/www.legislation.gov.uk\/ukpga\/1998\/29\/contents\" target=\"_blank\" rel=\"noopener nofollow\">Data Protection Act<\/a> (DPA)<\/td>\n<td width=\"123\">United Kingdom<\/td>\n<td width=\"217\">Retain <a href=\"https:\/\/en.wikipedia.org\/wiki\/Personal_data\" target=\"_blank\" rel=\"noopener nofollow\">PII<\/a> until no longer 
required<\/td>\n<\/tr>\n<tr>\n<td width=\"340\"><a href=\"http:\/\/www.soxlaw.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Sarbanes Oxley<\/a> (SOX)<\/td>\n<td width=\"123\">United States<\/td>\n<td width=\"217\">7 years<\/td>\n<\/tr>\n<tr>\n<td width=\"340\"><a href=\"https:\/\/www2.deloitte.com\/dl\/en\/pages\/legal\/articles\/neues-bundesdatenschutzgesetz.html\" target=\"_blank\" rel=\"noopener nofollow\">Bundesdatenschutzgesetz<\/a> (BDSG)<\/td>\n<td width=\"123\">Germany<\/td>\n<td width=\"217\">Retain <a href=\"https:\/\/en.wikipedia.org\/wiki\/Personal_data\" target=\"_blank\" rel=\"noopener nofollow\">PII<\/a> until no longer required<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>While the above list is limited, there are innumerable laws which apply to industries in different regions. Moreover, businesses could be subject to compliance with multiple laws, which is certainly the case with multinational organisations.<\/p>\n<p>How should you choose a solution and retention strategy which addresses compliance, and caters to longer-term requirements? Here are a few pointers:<\/p>\n<p style=\"padding-left: 40px;\">1. Start by evaluating your compliance requirements<\/p>\n<p style=\"padding-left: 40px;\">2. Evaluate an appropriate email data governance solution. A few examples are below:<\/p>\n<p style=\"padding-left: 80px;\">a. <a href=\"https:\/\/docs.microsoft.com\/en-us\/exchange\/policy-and-compliance\/journaling\/journaling?view=exchserver-2019\" target=\"_blank\" rel=\"noopener nofollow\" data-anchor=\"?view=exchserver-2019\">Journaling<\/a> \u2013 A concept of storing a copy of every sent or received message<\/p>\n<p style=\"padding-left: 80px;\">b. <a href=\"https:\/\/en.wikipedia.org\/wiki\/Email_archiving\" target=\"_blank\" rel=\"noopener nofollow\">Archiving<\/a> \u2013 This involves storing a copy of all messages on inexpensive storage and retaining the same for a predefined period. 
Examples include solutions like <a href=\"https:\/\/www.veritas.com\/en\/uk\/insights\/enterprise-vault\" target=\"_blank\" rel=\"noopener nofollow\">Veritas Enterprise Vault<\/a>, <a href=\"https:\/\/www.mimecast.com\/products\/cloud-archive\/\" target=\"_blank\" rel=\"noopener nofollow\">Mimecast<\/a>, <a href=\"https:\/\/www.commvault.com\/complete-backup\" target=\"_blank\" rel=\"noopener nofollow\">Commvault<\/a><\/p>\n<p style=\"padding-left: 80px;\">c. Retention \u2013 This approach avoids moving data to a different location and instead assigns a retention tag to the data at source. Examples include retention solutions for <a href=\"https:\/\/docs.microsoft.com\/en-us\/exchange\/policy-and-compliance\/mrm\/retention-tags-and-retention-policies?view=exchserver-2019\" target=\"_blank\" rel=\"noopener nofollow\" data-anchor=\"?view=exchserver-2019\">Microsoft Exchange<\/a>, <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/retention-policies\" target=\"_blank\" rel=\"noopener nofollow\">O365<\/a>, <a href=\"https:\/\/support.google.com\/vault\/answer\/2990828?hl=en\" target=\"_blank\" rel=\"noopener nofollow\" data-anchor=\"?hl=en\">Google Vault<\/a><\/p>\n<p style=\"padding-left: 40px;\">3. Consider an eDiscovery solution \u2013 Data must be produced whenever it is requested. However, this is something many organisations do not plan for, and they then face huge eDiscovery costs coupled with fines. It is imperative you plan for this in advance, and preferably leverage an email retention solution which includes eDiscovery (at least as an available option). 
You may consider solutions from <a href=\"https:\/\/www.veritas.com\/en\/uk\/insights\/ediscovery-platform\" target=\"_blank\" rel=\"noopener nofollow\">Veritas<\/a>, <a href=\"https:\/\/www.proofpoint.com\/uk\/products\/ediscovery-analytics\" target=\"_blank\" rel=\"noopener nofollow\">Proofpoint<\/a>, <a href=\"https:\/\/www.barracuda.com\/products\/essentials?&amp;utm_source=google&amp;utm_medium=search_cpc&amp;utm_campaign=1643970145&amp;utm_adgroup=68401317568&amp;utm_term=ediscovery%20solutions&amp;utm_position=1t2&amp;utm_matchtype=p&amp;utm_device=c&amp;utm_content=315712012512&amp;gclid=CjwKCAiA3OzvBRBXEiwALNKDP982DkpKwXOXBiMmwxqN71Ua_ZOz8kuMfFHjwbYRKiT-AIM6zdLBzxoCfWAQAvD_BwE\" target=\"_blank\" rel=\"noopener nofollow\" data-anchor=\"?&amp;utm_source=google&amp;utm_medium=search_cpc&amp;utm_campaign=1643970145&amp;utm_adgroup=68401317568&amp;utm_term=ediscovery%20solutions&amp;utm_position=1t2&amp;utm_matchtype=p&amp;utm_device=c&amp;utm_content=315712012512&amp;gclid=CjwKCAiA3OzvBRBXEiwALNKDP982DkpKwXOXBiMmwxqN71Ua_ZOz8kuMfFHjwbYRKiT-AIM6zdLBzxoCfWAQAvD_BwE\">Barracuda<\/a>, <a href=\"https:\/\/www.mimecast.com\/content\/ediscovery-software\/\" target=\"_blank\" rel=\"noopener nofollow\">Mimecast<\/a><\/p>\n<p style=\"padding-left: 40px;\">4. Reduce complexity \u2013 I have seen organisations rely on a combination of multiple solutions to address their retention and eDiscovery requirements. While this does address the problem, it adds considerable management overhead and complexity. Hence, it is advisable to consider a holistic solution which addresses all of these requirements. 
A few examples are the <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/servicedescriptions\/office-365-platform-service-description\/office-365-securitycompliance-center\" target=\"_blank\" rel=\"noopener nofollow\">O365 Compliance model<\/a>, <a href=\"https:\/\/www.veritas.com\/en\/uk\/insights\/enterprise-vault-cloud\" target=\"_blank\" rel=\"noopener nofollow\">Veritas Enterprise Vault Cloud<\/a> and <a href=\"https:\/\/www.mimecast.com\/content\/ediscovery-software\/\" target=\"_blank\" rel=\"noopener nofollow\">Mimecast<\/a>.<\/p>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\">How can Insentra help with messaging regulatory compliance?<\/h3>\n<p>We are specialists in security solutions, and our proven project methodology will help us (and you) understand your requirements better and map them to your long-term compliance goals. Please feel free to get in touch with Insentra to learn more.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is regulatory compliance? Every organisation is bound by applicable laws, policies and regulations. Failure to adhere to, or comply with, these could result in fines and prohibitions, in other words \u2018significant business impact\u2019. Regulatory compliance is simply unavoidable, and the best we can do is to stay compliant. 
Most messaging regulatory compliance laws require&hellip; <a class=\"more-link\" href=\"https:\/\/www.insentragroup.com\/au\/insights\/geek-speak\/managed-services-for-partners\/messaging-regulatory-compliance\/\">Continue reading <span class=\"screen-reader-text\">Messaging Regulatory Compliance<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":2075,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[24],"tags":[],"class_list":["post-2074","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-managed-services-for-partners","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts\/2074","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/comments?post=2074"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts\/2074\/revisions"}],"predecessor-version":[{"id":18809,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/posts\/2074\/revisions\/18809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/media\/2075"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/media?parent=2074"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/categories?post=2074"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/au\/wp-json\/wp\/v2\/tags?post=2074"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","temp
lated":true}]}}