Email archiving best practices in 2007 include:
- SANS 15489 (the South African Records Management Standard): This standard on recordkeeping provides guidance on “[t]he standardization of records management policies and procedures,” and is designed to ensure “that appropriate attention and protection is given to all records …”.
- SABS ISO/IEC 17799 (edition one), “Information technology – Code of practice for Information Security Management”, and the updated ISO 27001.
- BSI BIP 0008: This is a code which was developed by the British Standards Institute to help institutions ensure adequate assurance on the legal admissibility and evidential weight of electronically stored evidence.
- Electronic Discovery: The Sedona Principles: This set of best practices for electronic discovery states that organisations “should adopt policies that provide rational and defensible guidelines on the treatment of electronic documents. These guidelines should be created after considering the business, regulatory, and tax needs of the organisation, including the need to conserve electronic storage space on e-mail and other servers”. (See The Sedona Principles: “Best practices recommendations and principles for addressing Electronic Document Production”, a project of the Sedona Conference Working Group on Best Practices for Electronic Document Retention and Production, January 2004.)
- Draft ANSI-Arma Standard: This draft provides the requirements for managing electronic messages as records.
- IT Controls – Cobit: This framework for managing information technology and information states that best practice for handling data is that the “conversion of data is tested between its origin and destination to confirm that it is complete, accurate and valid”. (Cobit Framework, Fourth Edition, Cobit Steering Committee and the IT Governance Institute.)
- American Bar Association: The American Bar Association (ABA) has changed its Discovery Standards to better deal with discovery of electronic information, including e-mail. At the ABA’s 2004 annual meeting, members adopted amendments to the ABA’s Civil Discovery Standards addressing issues related to the discovery of electronic documents to deal with new issues confounding litigants and courts alike. The amendments are not “law”, but provide lawyers with guidance as a “best practice” to deal with electronic discovery issues.
- COSO Framework (Committee of Sponsoring Organisations of the Treadway Commission): The COSO framework provides a much broader internal control framework than Cobit. The focus of COSO is on internal controls designed to support business, operational, financial and compliance goals. COSO identifies several areas that have both a direct and indirect impact on the IT Department. ABSA should familiarise itself with the concept of internal controls in the context of e-mail management specifically and investigate the way that frameworks like COSO can help ABSA bridge the gap between policies that support e-mail management compliance and the way that IT is managed and controlled.
- Vendor White Papers.