Email Management

ERM Community Wiki

Community Topic(s): ERM


Email needs to be managed like any other business record: Email Management Is Not Optional. Email management best practices begins with the identification of business relevant emails and a policy for the classification, storage, and destruction of these emails in accordance to, and consistent with, your business standards. From there, you can begin to lock down your Email Management Solution Requirements. Regardless of where you are in managing your emails, the critical first step is to get started. Your employees may have to be involved, somehow, in creating records from email.

You have too much email and it's almost certainly out of control. As email has become central to how business gets done (despite GoogleWave, new collaboration tools, SharePoint, etc.), the management of email has not kept pace with its importance. Email continues to be used to communicate with customers, brainstorm products, make and document business decisions, and serve as de facto knowledge stores for workers. The continued lax attitude confirmed in AIIM's 2009 ERM Industry Watch reveals that 53% of surveyed companies didn't have a process for ediscovery related to emails; surrounding the use of email, and a lingering perception that it's “just” email, exposes all organizations to unnecessary risk. Any email—whether residing on the messaging server, in the “deleted” folder, “archived” and saved locally, or on a shared drive—is discoverable. And, as email overlaps with compliance issues, the task of keeping what’s needed and getting rid of the rest becomes even more difficult.

In addition to exposing organizations unnecessarily to risk, mismanagement of email is also costly—it takes around $100,000 to manage one terabyte of email for one year. While difficult, you can control your emails as you control any other business document or record. And emails must be treated as any other business document and potential record. Some emails are ephemeral and need to be disposed of. Other emails are business records. You have to separate the wheat from the chaff—and there's a lot of chaff—and then save the wheat in a repository that can provide access to that information when required. And just because you’ve outsourced email storage to the cloud, you are still responsible for controlling those records.

You shouldn't keep everything, but you do have to keep the important emails. Email needs to be linked to a records management system, which allows the appropriate retention schedules to be applied while easing retrieval issues and ensuring that emails and attachments are stored once. Unmanaged, email can overwhelm your IT systems and cause great damage to the health and image of your company. Guided into the appropriate channels, email can continue to power your organization. You need an Email Management Policy To implement that policy, you need a project team for email management. Part of any project is the need for Change Management

Saving all emails to an archive or to backup tapes is a recipe for disaster. IT departments often think that backing up emails to tape is sufficient. It is not. In addition to the problem of merely finding the correct email—since backup files do not index emails, saving emails that you don't need exposes a company to unnecessary risk. The wise company will filter its emails so that they are managed by a records management system. Email management is not just a storage issue. MoReq 2 provides guidance on declaring emails as records.

AIIM's 2009 ERM Industry Watch can be found at http://www.aiim.org/Research/Electronic-Records-Management-Research.aspx


The wiki text is available under the Creative Commons Attribution License agreement.

Blog email facebook linkedin Rss Twitter Youtube

Copyright © AIIM 2013 Privacy Policy