Exchange Server 2010 and Regulatory Compliance

Email | Print

With regulations like Sorbonne’s Oxley and privacy laws, and the electronic discovery requirements in litigation, organizations have to take much more care about the e-mails and other messages that pass through their system. Exchange Server 2010 has introduced features that make regulatory compliance a much more dependable process.

The following features are of particular help in meeting compliance requirements:

  • There is a new multi-mailbox search feature which can be administered by compliance officers directly instead of by IT administrators. Compliance officers are the persons directly responsible for verifying content for compliance and the new feature provides them with an excellent tool for discharging this responsibility. This feature is particularly helpful for electronic discovery during litigation.
  • Users need not clear their inboxes periodically to make space for new messages. Instead, policies can be used to archive older mails into a centrally stored archive, which can be accessed by users any time. This makes complying with mail retention policies a feasible and easier option. Users can also classify their own messages and apply relevant policies to each.
  • Retention tags are attached to mailboxes and policies laid down for each tag. Administrators can even put a legal hold through appropriate policy rules on all content that need to be retained for compliance. The legal hold will prevent the content so held from being deleted even if end users attempt to delete them.
  • The new Active Directory Rights Management Services (AD RMS) under Windows Server 2008 can prevent the usage rights attached to documents from being tampered with, irrespective of where they are moved to. Through appropriate policies, e-mails can be retained to ensure regulatory compliance by integrating AD RMS with the Exchange systems. Recipient rights to a message can also be controlled through, say, restricting rights to forward, print, and copy/paste.

In addition to managing the content as above, new features in the latest Exchange server allow control over the transport of messages that pass through the Edge Transport and Hub Transport servers. E-mails can be allowed in, rejected, deleted, redirected, etc based on conditions or exceptions identified through examining specific parts of a message such as the subject, body, sender, recipient, etc. This feature will help administrators to prevent inappropriate messages from entering the system or sensitive information from leaving the organization, for example.

The transport rules above also help prevent communications between different departments and entities, such as between brokers and market researchers in an investment organization. Rules can be laid down to disallow any kind of communication between such entities and to generate, say, a non-delivery report if a prohibited communication is attempted. All messages, including those between senders/recipients in the same mailbox server, are routed through the Hub Transport Server to ensure that the rules are applied.

The issue of compliance with regulations thus becomes a much easier task under Exchange Server 2010.

Related Posts

Ask This Expert a Question or Leave a Comment




Get New Posts:

Infrastructure White Paper Download