Best practices for managing email retention policies

Best practices for managing an email retention policy?

Some organizations have specific templates and requirements for policies or procedures, so first check to see what policy-making resources already exist.

Identify stakeholders

If a records and information management (RIM) manager or team already exists, they will guide the process to ensure that emails that are also records receive consistent treatment in line with organization-wide records management requirements. Legal and compliance also need to participate.

The IT security team must be engaged to ensure the storage location has the appropriate size and security, based on the regulatory and legal requirements for storing this information.

If the organization has a risk management team, they need a seat at the table. If not, someone with a legal background must consider the risk of what is being retained for business continuity or collaboration purposes. Each department that wants to retain emails for business continuity must participate in the policy-making process.

Gather stakeholder requirements

After assembling the right experts, the next step is gathering all the requirements for email retention in a consistent format. Some organizations will ask teams to make a business case to minimize the risks and challenges presented by saving too much email.

Classify email types

Not all emails that must be retained can or should be treated equally. Classifying emails into categories based on the reason for saving allows a retention duration to be specified for each class of email. Emails that serve as the paper trail for the company budget process probably don’t need to be saved beyond the fiscal year, while those documenting the submission of tax materials to an outside auditor, for example, likely need to be saved much longer.

Document retention requirements for each email type

The owner of each email retention requirement must classify email types so that a retention period can be defined for each type. This process creates groups of emails that receive the same treatment and the same retention duration.

Determine where emails will be retained

Now that users know which emails they need to save, the next step is defining the best location for those emails to live. With, Microsoft 365 users can store emails on SharePoint or Teams without ever leaving Outlook.

Access permissions/control

Now that emails no longer live in personal drives, the organization must define who should have access to each storage location and develop a procedure for providing or rescinding access as needed.

Write an email retention policy

Most lawyers and regulators won’t take your word for it, so the almost-final step is documenting the email types, where each type is stored, and the storage duration for each type. Make sure to document the departments that were involved, to whom the policy applies, and the next date of review.

Internal approval/sign-off

The final step is to document sign-off from the required stakeholders and pat yourself on the back for a job well done!
