United States | Messaging Regulatory Compliance

Insentra - 06.03.2020

Messaging Regulatory Compliance


What is regulatory compliance?

Every organization is bound by applicable laws, policies and regulations. Failure to adhere to, or comply with, these could result in fines and prohibitions, in other words ‘significant business impact’. Regulatory compliance is simply unavoidable, and the best we can do is to stay compliant. Most messaging regulatory compliance laws require retention of emails, and below are a few examples of such regulation:

| Compliance Law | Region | Retention |
| --- | --- | --- |
| Payment Card Industry – Data Security Standards (PCI – DSS) | United States | 1 year |
| AICPA Generally Accepted Privacy Principles (GAPP) | United States | Retain PII until no longer required |
| Australian Essential 8 (ACSC 8) | Australia | 3 months or more |
| Data Protection Act (DPA) | United Kingdom | Retain PII until no longer required |
| Sarbanes-Oxley (SOX) | United States | 7 years |
| Bundesdatenschutzgesetz (BDSG) | Germany | Retain PII until no longer required |

While the above list is limited, there are innumerable laws which apply to industries in different regions. Moreover, businesses could be subject to compliance with multiple laws, which is certainly the case with multinational organizations.

How should you choose a solution and retention strategy which addresses compliance, and caters to longer-term requirements? Here are a few pointers:

1. Start by evaluating your compliance requirements

2. Evaluate an appropriate email data governance solution. A few examples are below:

a. Journaling – Storing a copy of every sent or received message.

b. Archiving – Storing a copy of all messages on inexpensive storage and retaining them for a predefined period. Examples include solutions like Veritas Enterprise Vault, Mimecast and Commvault.

c. Retention – Rather than moving data to a different location, this approach assigns a retention tag to the data at source. Examples include retention solutions for Microsoft Exchange, O365 and Google Vault.

3. Consider an eDiscovery solution – Data must be produced whenever it is requested. However, many organizations do not plan for this and so face huge eDiscovery costs coupled with fines. It is imperative you plan for this in advance, and preferably leverage an email retention solution which includes eDiscovery (at least as an available option). You may consider solutions from Veritas, Proofpoint, Barracuda and Mimecast.

4. Reduce complexity – I have seen organizations rely on a combination of multiple solutions to address their retention and eDiscovery requirements. While this does address the problem, it adds a lot of management overhead and complexity. Hence, it is advisable to consider a holistic solution which addresses all of these requirements. A few examples are the O365 Compliance model, Veritas Enterprise Vault Cloud and Mimecast.

How can Insentra help with messaging regulatory compliance?

We are specialists in security solutions and our proven project methodology will help us (and you) understand your requirements better, thus mapping them with your long-term compliance goals. Please feel free to get in touch with Insentra to know more.

