1. ARMA Boston Spring Seminar 2011 Jesse Wilkins, CRM

2. 2  Developing an email policy  Identifying and classifying messages as records  Managing the inbox better – by managing less email  Better collaboration WITHOUT email

4. 4  Email policy elements  Policy statements  The policy development framework

6. 6  Every organization’s email policy will be different ◦ Public vs. private sector ◦ Regulatory requirements, both horizontal and vertical  There are some common areas that should be addressed  Lots of references and examples available

7. 7  Purpose  Scope  Responsibilities  Definitions  Policy statements  References

8. 8 This policy has three purposes: 1. Establish definitions relevant to the email management program 2. Describe usage policies relating to email 3. Describe security and technology policies relating to email Scope: This policy is applicable to the entire enterprise.

9. 9  Responsibilities for policy development and maintenance  Responsibilities for policy administration  Responsibilities for compliance with policy

10. 10  Uncommon terms  Common terms used in an uncommon fashion  Acronyms and abbreviations

11. 11  Many different elements available  Detailed in the next section

12. 12  List any references used to develop the policy ◦ Internal strategic documents ◦ Records program governance instruments ◦ Statutes and regulations ◦ Publications ◦ Examples and templates

13. 13  Detailed instructions for complying with policies ◦ Often separate document(s)  Each of the policy statements will have one or more procedures  May be specific to process, business unit, jurisdiction, and/or application

15. 15  Most common element of email policies today  Typically addresses things NOT to do: ◦ Obscene language or sexual content ◦ Jokes, chain letters, business solicitation ◦ Racial, ethnic, religious, or other slurs  May address signature blocks ◦ Standardization, URLs, pictures

16. 16  Guidance on writing emails ◦ Wording and punctuation ◦ Spell check and grammar check ◦ Effective subject lines  Guidance on email etiquette  Guidance on addressees

17. 17  Whether personal usage is allowed  Any limitations to personal usage  Separation of personal and business usage within individual messages  Personal email account access

18. 18  Whether email is considered to be owned by the organization  Responsibility for stewardship of messages, both sent and received  Privacy and monitoring  Third-party access

19. 19  Email is a medium, not a record type or series  Email messages can be records  Other information objects that might need to be treated as records ◦ Read receipts ◦ Bounced messages

20. 20  Email can be subject to discovery  Assigns responsibility for communicating legal holds  Describes whether or not email disclaimers will be used and how  May outline privilege issues

21. 21  Outlines whether encryption is allowed ◦ What approaches to use  Whether digital signatures are allowed ◦ What approaches to use

22. 22  Most often found as part of general policies for remote workers  Requirements for mobile devices  Requirements for web-based access  Synchronization and login requirements

23. 23  Addresses whether email will be archived  Addresses whether personal archives will be allowed  May address backups – but backups are not archives  May also address public or managed folders

24. 24  Attachment limitations ◦ Whether they can be sent at all ◦ Size limitations ◦ Content type limitations  Attachments vs. links  Content filtering  Encryption and DRM

26. 26  Approach to developing and implementing a policy  Ensures that policy development is consistent with organizational goals  Ensures that policy meets legal and regulatory requirements

27. 27  Policy development requires time and energy from users and stakeholders  So does policy implementation  Ongoing compliance will require auditing and communication  None of this happens without management support

28. 28  Policy should address the entire enterprise  Stakeholders should include: ◦ Business unit managers ◦ End users ◦ Legal, RM, IT ◦ External customers and partners

29. 29  What changes are being introduced? ◦ Processes, technologies  What are the desired outcomes?  What behavioral changes should result?

30. 30  Legal research  Organizational research  Public research ◦ Standards and guidelines ◦ Benchmarking  Consult with similarorganizations  Analyze the results

31. 31  Collaborative and iterative process  There are a number of resources available to provide an email policy framework  These are starting points and need to be customized for your requirements

32. 32  Review by legal, HR, users  Ensures it is valid  Ensures it will work within existing organizational culture  Change management

33. 33  Policy is reviewed by business managers, senior management  Complete revisions as necessary  Approve the policy

34. 34  Communication  Training  Auditing

35. 35  Monitor for compliance with policy  Solicit feedback about policy  Provide refresher training as required  Consider whether to retain previous versions of the policy  Plan for periodic review and maintenance

36. 36