Email's Role in RIM Compliance - harmon.ie

November 2, 2022Email's Role in RIM Compliance

Records and information management—known as RIM for short—isn’t itself a regulation or compliance standard, but rather an essential component for satisfying the needs of many different regulatory bodies and governance standards.

When most people think of retaining records for posterity, they usually focus on documents and data files containing contracts, schematics, and other pertinent details. But most organizations generate exponentially more emails than individual files, many of which contain information, communication exchanges, and decisions just as important to regulatory bodies.

This assumption has major repercussions for businesses working in regulated industries or with contractual and/or legal obligations to identify and store any relevant record, regardless of its digital format.

From finance to government work to healthcare, almost all regulated industries require businesses to manage and archive important documents and communications for future review. For example, ISO 15489 demands "the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records."

For the 5% or so of emails meeting the “record” threshold, those messages and attachments require the same level of retention, categorization, and control as a legal contract or planning document.

RIM compliance for files

Most information organizations must capture, store, and control tends to be files. Microsoft Word documents, PowerPoint presentations, Visio diagrams, PDFs, etc., may contain a vast array of information, but they can all be easily saved or copied to a server or the cloud or get automatically backed up from a device.

For organizations using the full Microsoft suite or even Google Workspace, many files already “live” in these controlled environments, be it cloud-based file storage or Microsoft SharePoint. With some basic business rules and best practices, IT departments can facilitate effortless compliance on the part of their colleagues in the rest of the organization.

But what about emails?

Emails represent a trickier task in the RIM arena. For starters, not every email is a record. In fact, unless you’re a bank or government agency, the vast majority of email communications have no regulatory need for retention, adding an additional layer of effort required to identify which emails to save.

Start with your RIM policy and ensure it is up-to-date and clear, both on the classification criteria and the requirements for each class of documents. Next, you must train your employees, establishing a cadence for training refreshers and updates along with assessments to demonstrate knowledge.

All good policies explain the consequences of noncompliance for the employee, however, since behavior change is not easy, it’s essential that this training is clear, consistent, and reinforced by senior leadership.

Once you have the staff primed and ready to spot record-worthy emails, the next step is giving employees an easy way to save them for posterity. Here’s where email gets really challenging because individual emails aren’t considered “files” within the overall Microsoft IT ecosystem. You can’t just save it as a file, move it to a file directory, etc., with off-the-shelf versions of Microsoft 365.

Turning emails into records in SharePoint

With an end goal of capturing all qualifying emails as individual records in a central, secure, storage system, businesses face the daunting task of getting each individual employee to classify, categorize, and lock down every applicable email into SharePoint.In addition to the contents of the email itself, metadata including the true document date, subject, category, or case identifier, must also remain digitally attached to that record, which will eventually be shifted to a read-only state to prevent any after-the-fact funny business. Given the volume of emails employees receive every day, this task can shift from mildly annoying to downright overwhelming without a simple solution integrated directly into the workflows and applications people already use regularly.

In addition to the contents of the email itself, metadata including the true document date, subject, category, or case identifier, must also remain digitally attached to that record, which will eventually be shifted to a read-only state to prevent any after-the-fact funny business. Given the volume of emails employees receive every day, this task can shift from mildly annoying to downright overwhelming without a simple solution integrated directly into the workflows and applications people already use regularly.

With the harmon.ie 365 Suite, employees can do this without ever leaving Outlook. Users can just drag one or more qualifying email directly to the appropriate SharePoint folder designated for RIM, capturing both the message’s contents and any attachments for posterity. After adding the corresponding metadata, employees can move on to their next task, confident they’ve met the applicable RIM requirements and keeping the organization compliant and prepared for any subsequent audits or reviews.

© Copyright 2022 harmon.ie. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies