Presentation is loading. Please wait.

Presentation is loading. Please wait.

Creating an Effective Email Policy Central Missouri Chapter Jesse Wilkins April 16, 2009.

Published byBerenice Summers Modified over 9 years ago

Similar presentations

Presentation on theme: "Creating an Effective Email Policy Central Missouri Chapter Jesse Wilkins April 16, 2009."— Presentation transcript:

1 Creating an Effective Email Policy Central Missouri Chapter Jesse Wilkins April 16, 2009

2 ELEMENTS OF AN EMAIL POLICY 2

3 Email policy Critical requirement for effective governance Provides broad policy statements Should be included in broader communications or IT policy Lots of references and examples available 3

4 Email policy elements Every organization’s email policy will be different –Public vs. private sector –Regulatory requirements, both horizontal and vertical There are some common areas that should be addressed 4

5 Policy elements Purpose Scope Definitions Policy statements Procedures Responsibilities References 5

6 Purpose and scope This policy has three purposes: 1.Establish definitions relevant to the email management program 2.Describe usage policies relating to email 3.Describe security and technology policies relating to email Scope: This policy is applicable to the entire enterprise. 6

7 Definitions Uncommon terms Common terms used in an uncommon fashion Acronyms and abbreviations 7

8 Acceptable usage Most common element of email policies today Typically addresses things NOT to do: –Obscene language or sexual content –Jokes, chain letters, business solicitation –Racial, ethnic, religious, or other slurs May address signature blocks –Standardization, URLs, pictures 8

9 Effective usage Guidance on writing emails –Wording and punctuation –Spell check and grammar check –Effective subject lines Guidance on email etiquette Guidance on addressees 9

10 Personal usage Whether personal usage is allowed Any limitations to personal usage Separation of personal and business usage within individual messages Personal email account access 10

11 Ownership and stewardship Whether email is considered to be owned by the organization Responsibility for stewardship of messages, both sent and received Privacy and monitoring Third-party access 11

12 Retention and disposition Email is a medium, not a record type or series Email messages can be records –Subject to open records/FOIA, discovery, etc. Other information objects can be records –Calendars –Read receipts/bounces 12

13 Legal issues Email can be subject to discovery Assigns responsibility for communicating legal holds Describes whether or not email disclaimers will be used and how May outline privilege issues 13

14 Encryption and digital signatures Outlines whether encryption is allowed –What approaches available for encryption Whether digital signatures are allowed –What approaches to use 14

15 Mobile and remote email Most often found as part of general policies for remote workers Requirements for mobile devices Requirements for web-based access Synchronization and login requirements 15

16 Archival Addresses whether email will be archived Addresses whether personal archives will be allowed May address backups – but backups are not archives 16

17 Security Attachment limitations –Whether they can be sent at all –Size limitations –Content type limitations Attachments vs. links Content filtering Encryption and DRM 17

18 Procedures Detailed instructions for complying with policies Each of the policy statements will have one or more procedures May be specific to process, business unit, jurisdiction, application 18

19 Responsibilities Responsibilities for policy development and maintenance Responsibilities for compliance with policy –Managers –Users –Specialist staff 19

20 References List any references used to develop the policy –Internal strategic documents –Records program governance instruments –Publications 20

21 DEVELOPING THE EMAIL POLICY 21

22 The policy framework Approach to developing and implementing a policy Ensures that policy development is consistent with organizational goals Ensures that policy meets legal and regulatory requirements 22

23 1. Get management support Policy development requires time and energy from users and stakeholders So does policy implementation Ongoing compliance will require auditing and communication None of this happens without management support 23

24 2. Identify stakeholders Policy should address the entire enterprise Stakeholders should include: –Business unit managers –End users –Legal, RM, IT –External customers and partners 24

25 What changes are being introduced? –Processes, technologies What are the desired outcomes? What behavioral changes should result? 25 3. Identify the goals of the policy

26 4. Conduct the research Legal research Organizational research Public research –Standards and guidelines –Benchmarking Consult with similar organizations Analyze the results 26

27 5. Draft the policy Collaborative and iterative process There are a number of resources available to provide an email policy framework These are starting points and need to be customized for your requirements 27

28 6. Review the policy Review by legal, HR, users Ensures it is valid Ensures it will work within existing organizational culture Change management 28

29 7. Approve the policy Policy is reviewed by business managers, senior management Complete revisions as necessary Approve the policy 29

30 8. Implement the policy Communication Training Auditing 30

31 Monitor for compliance with policy Solicit feedback about policy Provide refresher training as required Consider whether to retain previous versions of the policy Plan for periodic review and maintenance 9. Once the policy is live 31

32 Questions? 32

33 For more information Jesse Wilkins, erm m, emm m, ecm m Access Sciences Corporation (303) 574-0749 direct jwilkins@accesssciences.com http://informata.blogspot.com http://www.accesssciences.com/blogs Twitter: jessewilkins 33

Download ppt "Creating an Effective Email Policy Central Missouri Chapter Jesse Wilkins April 16, 2009."

Similar presentations

EMS Checklist (ISO model)

EMS Checklist (ISO model)
Software Quality Assurance Plan

Software Quality Assurance Plan
Copyright © AIIM | All rights reserved. #AIIM The Global Community of Information Professionals aiim.org Information Management and Social Media Jesse.

Copyright © AIIM | All rights reserved. #AIIM The Global Community of Information Professionals aiim.org Information Management and Social Media Jesse.
ISO 9001:2000 Documentation Requirements

ISO 9001:2000 Documentation Requirements
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
NZ’s STATE SAFETY PLAN W hat the CAA has to do to implement its SMS CAA/AIA/GAPAN South Pacific Aviation Symposium on SMS Simon Clegg General Manager -

NZ’s STATE SAFETY PLAN W hat the CAA has to do to implement its SMS CAA/AIA/GAPAN South Pacific Aviation Symposium on SMS Simon Clegg General Manager -
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
Microsoft Outlook is a tool that includes email, calendaring, and tasks.

Microsoft Outlook is a tool that includes , calendaring, and tasks.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
CST 481/598 x.2.  Broad overview of policy material  What is a “process”  Tiers (not tears) Many thanks to Jeni Li.

CST 481/598 x.2.  Broad overview of policy material  What is a “process”  Tiers (not tears) Many thanks to Jeni Li.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
Www.adira.org Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.

Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.
Prepared by Long Island Quality Associates, Inc. ISO 9001:2000 Documentation Requirements Based on ISO/TC 176/SC 2 March 2001.

Prepared by Long Island Quality Associates, Inc. ISO 9001:2000 Documentation Requirements Based on ISO/TC 176/SC 2 March 2001.
Network security policy: best practices

Network security policy: best practices
A Guide to Getting Started

A Guide to Getting Started

Similar presentations

Ads by Google