Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2006-11-27
Microsoft Exchange Server 2007 is designed from the ground up to help users meet compliance requirements. Exchange 2007 offers you several features that help you capture e-mail messages in a user mailbox and as they flow in, through, and out of your organization.
The following list provides several examples of the areas where compliance features in Exchange 2007 can help you become compliant or respond to future discovery requirements:
- Data retention policies: Many organizations are required to keep data for a specific time and then remove that data to protect privacy.
- Privacy and confidentiality requirements: Every day organizations transmit sensitive and confidential information through e-mail, both to and from individuals and the organization itself. These organizations have to protect the privacy of individuals and the confidentiality of communications.
- Ethical walls: Organizations that work with securities and other financial information are frequently required to prohibit communication between specific groups in their own organization.
- Discovery requests: Organizations are sometimes subject to litigation. As part of this process, litigants can request information from each other. This information frequently comes in the form of e-mail messages.
For more information about the compliance features mentioned here, see Overview of Compliance Features.
Why Is Compliance Important?
Every organization should consider compliance. Every day organizations are required to produce evidence for litigation or to provide documentation to regulatory agencies to prove they are complying with their regulations.
Organizations that consider compliance when they plan their information technology infrastructures, including their e-mail infrastructures, can supply the required documentation on demand with less effort. They can also comply with other regulatory requirements more easily.
On the other hand, organizations that don't consider compliance up front may find themselves sorting through millions of e-mail messages manually, wasting time and money. Organizations can also be held legally responsible for not complying with laws or regulatory requirements.
Although your organization may have never been subject to litigation or may not be required to follow regulatory requirements, there's a good chance that you handle private and confidential information that may be regulated by laws or regulations in your country or region. It's important that you understand the laws and regulations that apply to your organization and take proactive steps to make sure that you comply with them.
For a list of some of the laws and regulations that may apply to your organization, see Overview of Journaling.
Discussing Compliance in Your Organization
It's important to understand the requirements and obligations that may apply to your organization. If you haven't discussed compliance in your organization, the deployment of Exchange 2007 can be a catalyst for these conversations. Speak with your organization's management and legal representatives to understand the answers to the following questions:
- Do we handle customer data?
- Do we have established policies that protect customer data?
- Do we transmit confidential organizational information through e-mail?
- Do we control who can view confidential information and where it can be sent?
- Have we established policies and procedures that help us respond to legal requests for information?
- Are there laws or regulations that prohibit communication between specific groups in our organization?
- Are there laws or regulations that require us to remove data after a given time?
This list presents some of the questions that many organizations must answer. The list is not definitive. It provides examples to help you consider some of the issues that may apply to your organization. Your organization may have other issues to consider.
If you already have a solid compliance policy in your organization, talk with your compliance officers and management to help them understand how your organization can use Exchange 2007 as a compliance tool.