Thomas Bahr and Karsten Seifert work on projects for Enterprise Content Management within the Information Management Competence Group of BearingPoint. They have more than 10 years experience in ECM software.
BearingPoint is an independent management and technology consultancy. Owned and operated by its Partners throughout Europe, BearingPoint is offering its clients the best possible value in terms of tangible, measurable results by leveraging business and technology expertise. The company currently employs 3.250 people in 14 European countries and is serving commercial, financial and public services clients.
8 Things to Remember When Implementing an E-Mail Policy
1 -- Have a policy in place.
A necessary step in professionalizing your email management is to develop and to publish an email policy.
But what is a policy? A policy is a written proclamation from the top management or authorized board like the Corporate Compliance Office. It is an outline of general requirements, principles or rules for the use of the medium email.
Why is it necessary to an email policy? Because email is not an option in today´s business! In 2008 BearingPoint conducted a survey about email management. More than 90% of all participants claimed email as important or very important for internal and external communication. About two thirds of the respondents indicate that more than 25% of their emails contain business-critical information and one third indicates that emails contain more than 50% business critical information.
But in more than 50% of companies the user is the one who decides about deleting or archiving an email. Less than 50% of companies have a policy in place. To ensure legal compliance and to protect both the company and the users from misuse of the email system, you need to establish a policy framework for developing, enforcing and monitoring an email policy.
2 -- Define ownership and involve the stakeholders.
Remember that an email policy affects your organization and all of your employees. Make sure that at least the Legal/Compliance department, IT department, HR and the Board of Directors are involved in developing the policy in order to reflect all viewpoints in the organization. And if you are located in Europe, don’t forget to involve your workers’ council. To ensure a mature and effective policy, it’s absolutely necessary to define who is responsible for developing, monitoring and updating the policy. Typically the Corporate Compliance Office is the owner of this policy.
3 -- Define the objectives and usage.
First of all your policy should use clear and simple wording to be effective. Use bullet points to define the objectives of the policy and the proper use of email so that employese can easily find rules in case they are unsure.
Define the purpose of the policy. Some typical purposes...
- To ensure the proper use of the company’s email system
- To guide all users that create, use, and manage email as part of the daily business
- To make users aware of what your company deems acceptable and unacceptable use of its email system.
The policy additionally defines the usage of your email system:
- Who is allowed to use the system (allowable users). Is it only internal staff or external partners working for the company, too?
- Permitted uses - is the use of email allowed for business purposes only? If private use of email is occasionally allowed, remember to do some investigation into already existing company policies and ensure that your email policy is compatible with these existing policies.
- Restrictions for using the email system.
4 -- Do not forget retention and disposition.
Your policy should cover the aspects of retention and disposition. Emails and attachments should be classified and archived according to a retention schedule. A retention schedule describes all document types that need to be archived and is ordered by the defined retention periods per document type and for a global acting company at least by country. Keep this schedule clear and easy to use. Retention is one side of the medal; the other is disposition. This section of the policy should state that emails need to be disposed at the end of the lifecycle.
5 -- Remember eDiscovery issues.
Of course disposition is not allowed when your company is under legal hold during a litigation. When developing a policy for email archiving make sure to include a section dealing with eDiscovery issues! The section should describe what happens when your company is hit by litigation or by subpoena. It should state the mandatory process of litigation hold and all responsible contacts.
6 -- Train your employees.
Parallel to publishing your email policy via internal communication mechanisms like newsletters or intranet sites, you should train and verify the awareness of the policy with your employees. Training and verification are important success factors for your policy. The objective is to get users aware on how to work and how to comply with the new policy and procedures. According to BearingPoint’s survey, over 50% of the respondents use newsletters to verify that their employees are aware of a policy. 25% use learning mechanisms. Make sure to monitor for compliance with the policy.
7 -- Monitor enforcement.
Be sure that the policy is used and accepted. Collect feedback about it. If required, refresh the training.
Put things together: stakeholder, usage, legal issues, retention, archiving, security, enforcement, training and monitor. Follow the lifecycle of information for your policy management: policy development, training and auditing.
Some other posts worth checking out re: email and inbox management:8 steps you can take to better manage your inbox
8 key e-mail trends
8 things you need to know about preservation of e-documents for litigation and regulatory investigations
8 things you need to remember about e-discovery
Have you downloaded our two e-books? What are you waiting for?