10 Steps to Creating a Single Point of Discovery

In my previous blog posting, I discussed some of the complexities of eDiscovery and alluded to a potential solution. I believe the key is Unified Retention --  a combination of policy enforcement and different systems working cohesively to ensure a single point of retention and discovery for all email records.

The simple philosophy is that if the organization can state with 99.9-percent certainty that the requested messages exists or does not exist then expensive eDiscovery exercises can be avoided. Courts will usually require proof of such statements through formalized policies and audited processes within the organization.

Part of the challenge of defining a unified retention solution is controlling the data sources inside and outside of the defined retention area. If the organization can't identify or control the records outside of the retention area, how can it implement a record-destruction policy without reverting to disparate data storage again? This is where the alignment of the various policies and procedures comes in.

There are ten areas you must address to define and manage a unified retention area:

1. Identify email sources, including: backups, personal archives, IMAP/POP3accounts, mobile messaging, and any other copies (even printed copies).
2. Evaluate the organization's ability to control those locations through either process or policy.
3. Consider alternatives for handling information that you can't realistically control via processes or you can't audit effectively with an associated policy.
4. Define some type of formal retention policy that details how and where data will be stored and retained.
5. Back up these policies with formal processes.
6. Consider an archival and retention package for the email system. This will form the basis for the unified retention area.
7. Once you've selected the archiving and retention package, the implementation should provide for 100-percent retention of all email messages in a single or multiple repositories.
8. Decide what to do with current data, for example tape backups outside the unified retention area.
9. Implement a data-destruction policy on the unified retention area. Be sure the destruction policy does not conflict with external data policies.
10. Ensure the actual integrity of the unified retention area.

If item #6 caused you to pause and wonder about my motives (after all, I do work for a company that produces an archiving product), I understand. However, as messaging expert, regardless of whom I work for, I can tell you that, although you can use a live messaging system as the unified retention area, unfortunately email systems were not designed for this function and are impractical for long-term storage and retention of information.

The retention system needs several key components in order to ensure a comprehensive retention area:

• Automatically capture 100 percent of all email
• Index and search data
• Maintain message integrity
• Provide scalable and cost-effective storage
• Perform selective destruction
• Apply litigation holds to data
• Audit deletions to validate corporate destruction policies

One final note: Unified Retention gives organizations a way to effectively handle and process eDiscovery requests in their email system. However, Unified Retention doesn't come in a box. It must be architected and deployed by skilled individuals who know the systems and the processes, and accompanied by a willingness of upper management to develop or sign off on email usage and retention policies that will ultimately protect and benefit the organization financially.

– Greg Smith