msg 382 enforcing compliance with exchange server andrew barnes director - emea marketing and...
Post on 19-Dec-2015
218 views
TRANSCRIPT
MSG 382
Enforcing Compliance with Exchange ServerAndrew BarnesDirector - EMEA Marketing and Product Management
KVS Inc
CorporatCorporatee
1990s1990sPersonalPersonal1980s1980s
SpreadsheetsSpreadsheets Word Word
processorsprocessors Presentation Presentation
graphicsgraphics
NetworksNetworks E-mailE-mail Internet/IntranetInternet/Intranet Business process: Business process:
ERP, CRM, SCM…ERP, CRM, SCM…
Interconnection Interconnection of:of: PeoplePeople ProcessProcess DataData
EcosystemEcosystem2000s2000s
Impacts and Issues in Information Retention
Information Worker
MeetingsMeetings DocumentsDocuments Info SharingInfo Sharing
ReadingReading AnnotatingAnnotating AnalysisAnalysis
CreatingCreating ReusingReusing UpdatingUpdating
CommunicateCommunicate AbsorbAbsorb
CollaborateCollaborate
AuthorAuthor
DecideDecide
DesigningDesigning Note TakingNote Taking PublishingPublishing
EmailEmail MessagingMessaging PresentingPresenting
AccessAccess InformationInformation DataData PeoplePeople
ProjectsProjects InformationInformation TasksTasks
IndividualIndividual
TeamsTeams
Division
Enterprise
Industry
CreatingCreating ReusingReusing UpdatingUpdating
CommunicateCommunicate AbsorbAbsorb
CollaborateCollaborate
AuthorAuthor
DecideDecide
DesigningDesigning Note TakingNote Taking PublishingPublishing
EmailEmail MessagingMessaging PresentingPresenting
AccessAccess InformationInformation DataData PeoplePeople
ProjectsProjects InformationInformation TasksTasks
IndividualIndividual
TeamsTeams
DivisionDivision
EnterpriseEnterprise
IndustryIndustry
The KVS business
Rapid ImplementationTransparent To UsersCompelling ROIOpen API’s
Global OrganizationLeader in the archive spaceGreat product depth and breadthStrategic Partner Community
KVS develops, markets and supports archiving software which facilitates storage optimization,
simplifies the management of and enables discovery of content within business
critical collaboration systems
Store, Manage, Discover
Business Drivers
LifecycleLifecycleDocument & MessageDocument & Message
ManagementManagement
LifecycleLifecycleDocument & MessageDocument & Message
ManagementManagement
Retention &Compliance
StorageControl
PST & Legacy Information Migration
KnowledgeExploitation
Migration &Consolidation
Compliance, the Compelling Factors
Complex area with rules from many bodies, Global and Local, that drive across email, documents, instant messages, voice mail and most communications that take place between entities
Sarbanes Oxley
SEC 17a-x
Patriot Act
21 CFR 11
NASD rules 3010 & 3110
DOD 5015.2
MoReq
Etc…
DataProtection
Freedom of Information
FSA
RIPA
PRO
Commercial best practice
Etc…
SEC Press Release, December 3rd 2002 (http://www.sec.gov/news/press/2002-173.htm)
The Securities and Exchange Commission, the New York Stock Exchange and NASD today announced joint actions against five broker-dealers for violations of record-keeping requirements concerning e-mail communications. The firms consented to the imposition of fines totalling $8.25 million, along with a requirement to review their procedures to ensure compliance with record-keeping statutes and rules.
…consented, without admitting or denying the allegations, to findings that each:
Violated Section 17(a) of the Securities Exchange Act of 1934, Rule 17a-4 under the Exchange Act, NYSE Rule 440 and NASD Rule 3110 by failing to preserve for a period of three years, and/or preserve in an accessible place for two years, electronic communications relating to the business of the firm, including interoffice memoranda and communications. Violated NYSE Rule 342 and NASD Rule 3010 by failing to establish, maintain and enforce a supervisory system to assure compliance with NASD and NYSE rules and the federal securities laws relating to retention of electronic communications.
Aspects of legal retention
RetentionThe need to keep informationThe need to delete information that does not need to be kept
DisclosureThe need to make information available
SupervisionChecking for correct behavior by employees
DiscoveryLooking for stuff for formal enquiry
Compliance, the Compelling Factors
It is not acceptable to just delete mailEmail is dynamic not static like documentsEmails take on a life of its ownCorporations are responsible to deliver to opposing council whether or not policy states deletionIt’s not only the email (mail, attachments, and associations)
Mandatory retention periods for best information retention practiceSolutions need to be a combination of “Proactive”, “Reactive” and “Defensive”
KVS Compliance KVS Compliance InitiativeInitiative
announcing…announcing…
KVS Compliance InitiativeFully addresses needs of Compliance with focus in current phase on; Sarbanes Oxley Act, SEC mandates, DOD mandates, FDA mandates and EU policiesCompilation of best of breed by KVS and Partners
Microsoft TechnologiesExchangeSharePoint Portal ServerOffice Systems
Legacy Systems Import into the Information WorkerExchange 5.5 to 2000 & 2003Lotus JournalingDocument Management Systems (Documentum, FileNet, Hummingbird…)
PST and Public Folders to the ArchiveMDY Records ManagementInstant Messaging trapping and DiscoveryPrescribed Solution Offerings (PSO’s)
Storage
Servers BackupAnd
Restore
Windows OS
KVSCompliance
andDiscovery
Accelerators
KVS Enterprise
Vault for
Exchange&
SharePoint
FILTERS
KVS Compliance Architecture
SPS & OfficeDocs
PSTs &Public folders
Journals
Mailboxes EXCHANGE &
SPSContent Mgmt
import
Instant mail
Legacy import
External mail
DRM & 3rd Party Records Management
User Experience does not changeLower TCO (training, planning, implementation)
Enterprise Vault is part of the entire Microsoft Store Community
Users select items that are archived and open them like a normal message.
The archived items are then displayed to the user in their original application.
Availability?Availability?
Now!Now!
Architecture & Accelerator model
VaultVaultStorageStorage
Reviewdatabase
Storage, indexing,Storage, indexing,search, retrieval search, retrieval
servicesservices
JournalJournalArchiveArchive
Discovery or Compliance Accelerator
Standard EnterpriseVault
Exchange/SPS
Discovery or ComplianceAccelerator
Exchangejournals tomailboxes
Vault journal service movesemail from journalmailboxes
Vault storage service stores and indexes email
Review systemdatabase referencesemail in Vault store
Search and view from Vaultstorage
Email storedWORMstorage
Review ApplicationsDiscovery Example and Process
Case admins search journal archives toget result sets
Move result sets to case review set
Reviewers mark items, which end up as relevant or non-relevant
JournalJournalArchiveArchive
Target email is held in Enterprise Vault journal archives
Import opposition production into Vault for search and discovery
Case admins produce relevant itemsto opposition
KVS Enterprise Vault KVS Enterprise Vault and Acceleratorsand Accelerators
demodemo
Simon NashSimon NashSystems EngineerSystems EngineerKVSKVS
Determining the Right Mix
Information RetentionScenario #1
Information RetentionScenario #1
KVS Email ManagementKVS Email Management
KVS Email Journaling KVS Email Journaling
KVS Compliance & Discovery Accelerators
KVS Compliance & Discovery Accelerators
Information RetentionScenario #2
Information RetentionScenario #2
Records ManagementRecords Management
KVS Email Journaling KVS Email Journaling
KVS Compliance & Discovery Accelerators
KVS Compliance & Discovery Accelerators
KVS Email Management KVS Email Management
Information RetentionScenario #3
Information RetentionScenario #3
Records ManagementRecords Management
KVS Email Journaling KVS Email Journaling
KVS Enterprise Vault for SharePoint Portal ServerKVS Enterprise Vault for SharePoint Portal Server
KVS Email Management KVS Email Management
KVS Compliance & Discovery Accelerators
KVS Compliance & Discovery Accelerators
Proactive, Reactive, DefensiveProactive, Reactive, Defensive
The Information Worker + KVS2100SERVER 2100SERVER
RTCRTC
Enterprise Vault for SharePoint Portal Server and Enterprise Vault for Exchange co-exist as well as WSS functionality and Office11 data types
Government compliance and discovery maintained. Policy auto-enforced across all data types
Common MMC management Users search Exchange & SPS
from SPS or Outlook using MSFT or KVS search applications.
SPSSPS
ProjectProject2100SERVER
2100SERVER Exchange Exchange backupbackup
Instant Instant MessagingMessaging
2100SERVER
2100SERVER ExchangeExchange
2100SERVER
2100SERVER Records Mgmt
Content Mgmt
Community Resources
Community Resourceshttp://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)http://www.mvp.support.microsoft.com/
NewsgroupsConverse online with Microsoft Newsgroups, including Worldwidehttp://www.microsoft.com/communities/newsgroups/default.mspx
User GroupsMeet and learn with your peershttp://www.microsoft.com/communities/usergroups/default.mspx
evaluationsevaluations
© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Appendix…Appendix…
Owner/ReviewerDelegate reviewer
Member Name 1Member Name 2Member Name 3 Member Name 4Etc.
Owner/ReviewerDelegate reviewer
Member Name 1Member Name 2Member Name 3 Member Name 4Etc.
Owner/ReviewerDelegate reviewer
Member Name 1Member Name 2Member Name 3 Member Name 4Etc.
Owner/ReviewerDelegate reviewer
Member Name 1Member Name 2Member Name 3 Member Name 4Etc.
Owner/ReviewerDelegate reviewer
Member Name 1Member Name 2Member Name 3 Member Name 4Etc.
Supervision user model
Owner/ReviewerDelegate reviewer
Member 1Member 2Member 3 Member 4Etc.
Review groups – parallel review by group managers/reviewers
Compliance administrators – manage review process, define reviewers/users/groups, get reports
Supervision process – “Compliance Accelerator”
JournalJournalArchiveArchive
Accept sample sets for review
Target email is held in Enterprise Vault journal archives
Review and mark as “reviewed” or “questioned”
All review activityrecorded for audit
Reviewdatabase
Auto-search or reviewer driven search of journal archives to get sample sets
Discovery
Litigation supportExamples: incoming subpoena, HR investigation
FunctionalityScope is all archived/journaled information
Ad hoc searching
Review workflow
Final production of information
BenefitsOn-line, in-house discovery
Cost-effective reviewer utilization
Avoidance of review duplication
User model
Para-legal group
Reviewer 1Reviewer 2Reviewer 3 Reviewer 4Etc.
Review groups – progressive review by hierarchy of reviewers
Case administrator/s – manage discovery review process, define roles/users/marking, search
Inside counsel
Reviewer 1Reviewer 2Reviewer 3 Reviewer 4Etc.
Outside counsel
Reviewer 1Reviewer 2Reviewer 3 Reviewer 4Etc.
Discovery process - “Discovery Accelerator”
Reviewers mark items, which end up as relevant or non-relevant
JournalJournalArchiveArchive
Target email is held in Enterprise Vault journal archives
Import opposition production into Vault for search and discovery
Case admins produce relevant itemsto opposition
Move result sets to case review set
Search 1+Search 2+Search 3
Everything is recorded
Search 1Search 1
Case admins search journal archives toget result sets
Search 1
© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.