There's now no doubt that email archives need more governance:
·
The extent and frequency of discovery orders and regulatory audits, for which email is always a primary target, is growing all the time, with increasingly damaging effect, in the event of failure.
·
Those who installed email archives some years ago are now faced with the spectre of it being nearly full and creating a yet more challenging situation then they were faced with when they first installed it (particularly if they chose one that uses proprietary storage or compression algorithms, preventing easy migration!)
A prominent legal expert said in a seminar I attended recently that "the intelligent organisation (don't you just love how pejorative lawyers can make their statements!) keeps only two types of information: That required for legal, regulatory and accounting purposes; and that required for operational purposes. Everything else is a waste of storage and a potential smoking gun."
Email archives are fine for storing operational information for operational periods (commonly two to three years), but do not address the fundamental issue of the business value of the information: What should be kept for regulatory or audit purposes, what should be kept for operational reasons and what should be disposed of almost immediately, as spurious, such as non-business related emails and file attachments.
Records management delivers the required governance. The principles and processes it brings, in delivering policy, allows the business value to be objectively assigned and everything that follows from that (retention schedule, security, resilience, recoverability) to be applied.
So what is really needed is an email archive that has all the tools and high level policies that resolve IT's burning issues of storage, backup and DR, allow Users extended access to email (both in terms of overall volume and longevity) but that also integrates with a Records Management system that can manage the retention of business critical and operational information to the required degree for both regulatory and storage purposes "“ by assigning the business value of that information.
Of course, the two systems should work in a federated fashion, with other information repositories, so that other formats of related information (both physical and electronic) are equally well managed and exploit existing repositories, continuing to use the applications and infrastructure in which the organisation has invested and with which users are familiar.