"Compliance" is a seriously big topic.
- It crosses electronic and paper lines.
- It can refer to government regulations, industry requirements, or internal governance.
- It refers to employee-driven processes as well as records retention.
- Requirements differ radically in highly regulated industries like finance, and healthcare
Even where we narrow compliance to IT and electronically stored information (ESI), it's still complex. Compliance doesn't just impact email; it also concerns database records, unstructured archives, and storage systems galore.
I see IT's compliance responsibility in 3 broad areas:
- Manage retention periods.
- Ensure data availability for searches.
- Deploy compliance checking for outgoing data.
Manage retention periods