Given the growing trend in corporate governance, complex compliance requirements, and e-discovery, enterprises without an e-mail management (EMM) strategy may soon be accused of mismanagement. Why? Because the cost of not being proactive is too steep.

While the most stringent corporate compliance regulations fall on the financial services and healthcare industries, as well as government agencies, corporate governance mandates such as the Sarbanes-Oxley Act (SOX) of 2002 have tentacles that are more far reaching. and while undefined in the area of e-mail retention, the potential misinterpretation of what to save vs. what to delete can be a costly mistake. Corporate governance, compliance and legal discovery (or e-discovery) should have businesses thinking about a messaging retention and archiving solution sooner than later.

EMM, according to industry experts, can help mitigate risks, i.e., the hefty fines or penalties for delays in recovering e-mail content, associated with regulatory compliance and corporate governance. EMM is the process of applying traditional, paper-based, records retention management processes to the digital world without compromising business productivity.

According to Gartner, an e-mail active archiving product provides a searchable archive of all e-mail messages for a defined period of time. It can be used independently or as part of a corporate records repository for legal and business uses. It can also be used as a solution to reduce the size of production e-mail data stores to gain operational efficiencies.

If the management costs associated with the increasing glut of electric documents, in particular messaging, isn't enough reason for organizations to think about the benefit of getting a handle on EMM, corporate decision makers should focus their attention on corporate compliance and e-discovery as a motivator.

Times are Changing
The growing importance of archiving mirrors the increasing number of government compliance mandates that are forcing organizations to retain critical records for years. Here, for example, are some key compliance laws and regulations by industry, according to Osterman Research:

• Financial: SEC 17a; NASD 3010; HIPAA; SOX; GLBA; SB1386; among others
• Healthcare: HIPAA; SOX; SB1386; among others
• Government: HIPAA; among others
• Life Sciences: HIPAA; 21 CFR11; SOX; SB1386; among others
• Other industries: HIPAA; SOX; SB1386; among others

Perhaps two of the more far-reaching compliance regulations to come down the pike are the Health Insurance Portability and Accountability Act (HIPAA) and SOX. HIPAA, for example, not only applies to firms providing healthcare services, but also to health insurance providers, claims processing services, and employers that provide health services or that are self-insured.

SOX applies to all organizations that report financial statements publicly or that issue U.S.-traded securities. Additionally, private companies that do business with publicly traded companies must also follow SOX guidelines so they can deliver requested information in the event a client is audited. Privately held companies with aspirations of being acquired by a public company are advised to adhere to SOX guidelines as well.

Other government laws to consider are The Patriot Act and Freedom of Information (FOI) Act, which require organizations to retain and maintain records so that they're available when regulators ask for them.

The second critical trend driving the increased need for businesses to have systems and procedures in place for e-mail retention and management is litigation and e-discovery. Not only must organizations retain critical data, but they must also be able to extract data for the purpose of legal discovery and do it quickly.

According to a report on e-mail management by the Enterprise Strategy Group (ESG), businesses open themselves up to critical risk if they're unable to meet regulatory mandates or e-discovery requests.

For example, ESG estimates that it costs an internal IT department between $1,500 and $3,000 to process and restore a single backup tape. In an instance where an organization is required to respond to a litigious claim, IT can expect to pay two to three times as much to process a single tape.

Take Action
While still a young market, message management and archiving is becoming a strategic IT component that most companies can't afford not to address.

Industry analysts have recognized Symantec Enterprise Vault as a leading solution for applications such as data collection, corporate governance, and legal protection.

In fact, ESG compared Enterprise Vault and EMC's Centera, a combined integrated disk-based e-mail management and archiving solution, with the costs of recovering archived e-mail from a tape-based archive and found the difference dramatic.

More specifically, the research firm found that organizations could realize more than $800,000 in benefits when deploying an integrated messaging archival system. The benefits range from avoiding compliance-related fines to improving utilization of storage resources that support the archive, according to ESG.

Webcor Builders, one of the largest general contractors in the San Francisco Bay area employs more than 800 people and has more than $1.3 billion in open contracts. To maintain its competitive edge, Webcor relies heavily on technology. Despite the fact that it's a privately held company, the general contractor must follow SOX guidelines because many of its clients are publicly traded. Webcor is also subject to HIPAA because the enterprise writes its own healthcare insurance.

At a typical major construction site, Webcor supervisors rely on cell phones and personal digital assistants (PDAs) for communications. "A typical site may have 30 people who have to stay in constant communication with each other as well as with any number of Webcor employees at headquarters," says Gregg Davis, senior vice president and CIO for Webcor. "Making sure that our people can communicate effectively is vital to controlling costs and finishing projects on time and to spec."

Subject to regulations that require that the company to maintain records for up to 10 years, Webcor recognized that it needed a reliable way to store and retrieve its growing volume of e-mail messages. The company chose Enterprise Vault and the Discovery Accelerator Agent for Enterprise Vault to satisfy corporate compliance and e-discovery requirements.

"Like any large construction firm, Webcor is often involved in litigation-related discovery, either directly or as a third party," says David. The trick, he notes, is to turn over just the relevant information. The Symantec solution increases the company's credibility in legal proceedings, he says.

At the end of the day, Webcor reports the following benefits using the Symantec solution:

• 100% ROI for Enterprise Vault within 10 months
• 100% ROI for Discovery Accelerator after first use
• 25% reduction in TCO for enterprise e-mail
• 40 hours of IT technician time saved per subpoena
• $10,000 every two years saved by avoiding purchase of additional Microsoft Exchange servers and storage
• $35,000 saved in IT staff time and $20,000 saved per year in attorney staff time through more efficient discovery searches
• 70% faster backups, from 15 hours to 5 hours

With the proliferation of e-mail, increased corporate governance, and the growing concern about e-discovery, managing corporate costs and risk is quickly becoming a front burner issue at many organizations.