Rules and regulations

It's time for resellers to look at how they can help businesses comply with corporate governance requirements, says Bob Tarzey

You're likely to have noticed two things becoming more prevalent in recent years. First, the number of regulations being bandied about by governments and industry bodies, and second, the number of IT vendors which claim that without their product, your customers will fall foul of these regulations.

As a reseller, you do not want to ignore all this; there may well be a genuine opportunity to help your customers protect themselves and make an honest euro or two at the same time. But you don't want your customers to accuse you of scaremongering.

A good starting point is to have an idea of what it is that concerns the businesses you are selling to. Many of the suppliers you deal with will be based in the US, and their messaging will have been developed over there, where things are rather different.

There is a genuine worry in the US about government regulations, such as those imposed by the Sarbanes-Oxley Act. These regulations are not irrelevant in Europe, but for many businesses they are not the highest priority.

In fact, regulatory compliance is low down on the list for European organisations when it comes to good corporate governance. On this side of the Atlantic, managers are worried about protecting their brand name, maintaining customer confidence, increasing employee productivity and avoiding bad publicity, all of which are equally affected by poor corporate governance.

From an IT perspective, good corporate governance really comes down to two things: keeping documents and records of communications that need to be kept, and being able to retrieve required information when it comes to the crunch.

The retrieval of data might be required to prove compliance with some regulation, but equally it may be needed to solve a contractual dispute with a supplier, prove a disciplinary case against an employee, or protect against libel in the media, all of which can be detrimental to a company's brand name, customer confidence, employee productivity and other measures.

This is all well and good, but to achieve good corporate governance it is necessary to store ever-increasing amounts of data. While the density of storage media is increasing, the capacity is being outstripped by demand.

One type of data is growing more than anything else: email. This now accounts for more than half of internal and external communications, and some organisations say it represents most of the data they store. Solve the email problem and you start to help solve the storage problem, and better enable good corporate governance.

The first step is to decrease the amount of email that is being stored. Good email filtering software has been available for many years and can be used to control what is generated by employees, ensuring they stay focused on business-oriented communications.

Many organisations are already doing this, although effectiveness can always be improved. However, filtering software is not designed to make the subtle decisions about which emails should be kept to protect the business against future threats, and human intervention is impractical because of the high volumes.

The only way to be sure is to store all email that does not get stopped by filters. However, you do not need to keep it forever. Good email archiving enables rules to be put in place that reflect the requirements of the regulators, the wishes of the business and plain common sense.

For example, by default, all email should be kept for three years, unless it is sent by an employee of the legal department when it should be kept for seven years. All emails containing large attachments ending in .pdf or .ppt could be deleted after three months.

Good archiving means that rules can be put in place and adjusted through time to reflect the requirements of new regulations and changing business practices.

The danger posed by email to businesses should not be underestimated. While a weighty report is likely to have undergone intensive internal review, it's lucky if an email gets the once-over from a spell checker. There are real issue for resellers to address for their customers and pragmatic solutions to be found.

Quocirca's Email and Corporate Governance report is available free to CRN readers here.

Bob Tarzey is service director at Quocirca.
(01753) 855 794
www.quocirca.com

Click here to see the illustrations associated with this article.