|
|
ADVISOR RADAR
Who's in Charge of E-Mail Security Policies?
Although managing e-mail communications is becoming a key component of regulations compliance, the people leading compliance initiatives aren't necessarily the ones handling e-mail security guidelines.
Protecting and managing electronic communications has become a top priority for many companies that fall under federal regulations such as Sarbanes-Oxley or the HIPAA privacy laws. Losing track of, or inadvertently exposing, sensitive information contained in e-mail and instant messages (IM) is not only bad business -- it has legal consequences, as well.
Chief financial officers (CFOs) usually play the largest role in corporate compliance initiatives, Gartner Analyst Rich Mogull says. CEOs are also involved, as are internal auditors. However, a survey Osterman Research conducted in the early summer of 2004 suggests another group is usually in charge of creating and enforcing e-mail security policies: IT management.
Researchers asked survey participants to what extent certain leaders or groups in their company are involved in creating basic e-mail and IM security policies. The following groups or executives were listed as "heavily involved":
- IT management (cited by almost 90 percent of respondents)
- CIO/CTO (more than 60 percent)
- Legal (less than 40 percent)
- HR (less than 30 percent)
- C-level line-of-business managers (less than 20 percent)
Osterman also asked organizations to what extent these individuals or groups are involved in managing and enforcing those policies. The following groups or executives were listed as "heavily involved":
- IT management (cited by almost 80 percent of respondents)
- CIO/CTO (less than 40 percent)
- HR (less than 30 percent)
- Legal (less than 25 percent)
- C-level line-of-business managers (less than 25 percent)
Who manages e-mail security in your organization? How do e-mail and IM fit into your compliance work? Share your thoughts and experiences in the blog section below.
For advice on navigating the dangers of e-mail, see "Managing E-Mail Risk: An Executive Leadership Guide." The white paper discusses the legal and financial dangers posed by lax or no e-mail management and makes the case for a solid mail archiving implementation. It's available to Pro-level subscribers of CORPORATE COMPLIANCE ADVISOR magazine at http://Advisor.com/doc/12327.
ARTICLE INFO
Web Edition: 2004 Week 34, Doc #14535
 FREE ACCESS
Keyword Tags: business management, business software, business strategy, business technology, collaboration, communications, compliance, Communications, Compliance, Digital Risk, e-business, E-Business Management, E-Compliance, E-Mail, it administration, it strategy, litigation preparedness, management, messaging, Management, Messaging, security, Security, Strategy, System Management, tech admin, tech exec, technology, Tech Admin, Technology Management
ADVISORAMA Reason and free inquiry are the only effectual agents against error. -- Thomas Jefferson |
|