Library and Archives Canada
www.collectionscanada.gc.ca
Common menu bar links
Institutional links
Government
Previous | Table of Contents | Next
Email Management Guidelines - Roadmap
1. Institutions must develop a plan to manage email
The management of email is one of the most challenging information management challenges of the last decade. Comprehensive and detailed planning by institutions is aimed at gaining control over the explosive growth of this electronic medium and its growing range of uses, features and functionalities.
Planning must cover several aspects of email management
- Development of explicit email management policies and procedures, pertinent to the institution's line of business.
- Management of the problems and opportunities presented by email in an integrated way, treating email messages, attachments and metadata with equal importance and providing for use of common infrastructures and the interoperability of email and IM systems.
- Incorporation, at an early stage, of email management requirements in the development of new or modified policies, programs, services and technology-based systems.
- Establishment of governance and accountability structures for the management of information in general, and email in particular.
- Provision for awareness and training programs in a variety of media.
Expected Outcome
In any given federal government institution, the following benchmarks will have been achieved:
- A comprehensive email management plan will be supported and appropriately funded by senior management
- The email management plan will indicate how the Email Management Guidelines of the Government of Canada will be attained or maintained.
- Each of the recommendations for email management will be thoroughly addressed.
- Where a recommendation is adopted, it will be so indicated.
- Where a recommendation requires interpretation in the light of the institution's mandate or line of business, interpretation will be provided.
- Where a recommendation requires adaptation to the institution's mandate or line of business, the nature of the adaptation will be described.
- Where a recommendation does not apply, the rationale for the finding and / or a substitute recommendation will be provided.
1.1. Manage email programs and systems in an integrated way
All email programs and related systems employed by institutions, should be appropriately funded by Executives and designed and configured in such a manner as to allow them to effectively capture, store and manage incoming and outgoing email messages along with related metadata and attachments.
Email messages that contain government records and information, should be separated from transitory messages and preserved and retained for an appropriate period of time, in accordance with the Information Management Life Cycle prescribed by the Policy on Information Management.
Note: The table below illustrates who is likely to be involved in implementing this these Email Management Guidelines and related recommendations.
Party or Parties Responsible for Implementing and/or Applying the Recommendation:
- Operational Managers
- Executives
Rationale
An email management program is a broader concept than just software and hardware. It involves the use of a technical infrastructure, the institution of human effort, the availability of training and reference materials, and the development of relevant knowledge and skill. All of these attributes must work together effectively to identify and capture government records and information and ensure that it is preserved.
An underlying premise of an integrated email management system is that the number of copies of an email message should be limited to the extent possible. Having fewer copies simplifies filing, storage, retrieval and disposition. But there are other advantages. For example, under privacy legislation, it is a legal obligation to destroy all copies of certain kinds of records and information when their retention period expires. Naturally it is much easier to meet this obligation if the number of copies is strictly limited, and they are kept in a known location. Likewise, if a record is only stored in one place, it becomes much easier to locate it, and ensure it is not destroyed, if it is required as evidence in audit or legal proceedings.
Sample Policy Statement
If this recommended action is applicable, consider using the following sample policy statement.
If not, indicate what alternative action, if any, to apply.
It is the policy of (name of institution) to manage its email in the following way.
(Select appropriate options from the following choices)
(Option 1) (Name of institution) keeps one copy (and only one copy, other than a backup copy for disaster recovery), along with metadata and attachments, as the copy of record, in a system shared with other institutions of the Federal government.
(Option 2) (Name of institution) keeps one copy (and only one copy, other than a backup copy for disaster recovery), along with metadata and attachments, as the copy of record in a system which it operates.
Where a message that originated from within the institution is material to a business decision or action, the copy of record is the copy taken from or replicated from the sender's email account and stored in an approved repository operated by the institution.
Where a message received from an outside source is material to a business decision or action taken by the receiver in this institution, the copy of record is to be the copy taken from or replicated from the email account of the primary individual responsible for making and/or obtaining the decision and/or taking the action.
For the purpose of this policy, the email management program of (name of institution) includes several related components.
- Technical infrastructure
- Hardware, software, networks, IT security technology,
- On-line electronic storage facilities (typically managed by the email system itself for short-term storage),
- Backup systems
- Near-line or off-line facilities for longer term storage
- Migration facilities - to ensure that messages, and their attachments, remain accessible, for as long as they are needed, regardless of technological evolution or obsolescence, and as a guard against physical deterioration of storage media.
- Holding areas or compilation technologies used to assemble, prepare and deliver messages to the Library and Archives for long-term or permanent storage
- Human infrastructure
- Individual(s) preferably with specialized training, responsible for information management and information technology
- Executives to set policy, and managers to assess training needs, and provide training and monitor compliance.
- Users who, based on guidance and, in some cases, with automated assistance, make decisions about which email messages to keep, how long to keep them, and where to store them
- Knowledge infrastructure
- Policies, procedures, guidelines, training
- Management Infrastructure
- Hold orders
1.2. Provide email management awareness and training programs
Email management awareness and training programs should be designed to ensure that employees develop the knowledge and skill to use email in an effective and appropriate manner.
Party or Parties Responsible for Implementing and/or Applying the Recommendation:
- Executives
Rationale
There are a variety of statutes and policies which can be interpreted as requiring the creation of records. At the collection and creation stage, a defensive strategy to safeguard institutions from unnecessary burden of electronic discovery is to educate government employees to "draft all documents with the expectation that they may be subject to the scrutiny of a judge or jury at some later date."
Beyond that, there are many aspects of using an email system that users are expected to know, but rarely ever taught in an organized way. Systematic training is an important way to ensure that email is managed in an effective manner. A proper training program must allow for different learning styles. Some people learn well through self-directed learning, others do better in the classroom. Some need to see or do rather than read or hear. All need to have their learning reinforced by frequent repetition.
Sample Policy Statement
If this recommended action is applicable, consider using the following sample policy statement.
If not, indicate what alternative action, if any, to apply.
It is the policy of (name of institution) that training related to email use and management (must / should) be designed and delivered to teach trainees how to perform a variety of functions:
- Use the email system in an effective, efficient and appropriate manner
- Use the email system in a courteous and considerate manner (Netiquette)
- Create, use and protect passwords
- Apply appropriate email security practices at all stages of the information life cycle
- Recognize those email messages that constitute records or information that must be retained
- Recognize email messages that do not constitute records, and delete them when no longer useful
- Apply provisions of legislation or regulation pertaining to preservation of government records
- Retain records and information (messages, metadata and attachments) for the appropriate period
- Apply provisions of legislation or regulation pertaining to privacy and confidentiality
- Dispose of records and information that have reached the end of their retention period
- Apply provisions of legislation pertaining to copyright
- Classify email messages and file them in the appropriate repositories
- Select and forward appropriate email files to the Library and Archives Canada, on a timely basis
- Recognize who is responsible for retaining the email messages (sender, recipient, both?)
- Manage their own email appropriately, and, if appropriate, shared or public mailboxes
- Recognize the different roles that users, specialists and managers have in managing email
- Agency executives, administrators and managers
- Individual users of the email system
- Information management specialists
- Information technology specialists, including network or system administrators
1.3. Use a variety of media in email awareness and training programs
A variety of media should be used to ensure that the Email Management Guidelines, policies and procedures are understood and applied within an institution.
Party or Parties Responsible for Implementing and/or Applying the Recommendation:
- Executives
Rationale
To be truly effective, a proper training program must provide training materials in a variety of media, to allow for different learning styles. People learn in different ways. Some people learn well through reading or self-directed computer-based learning, others do better in the classroom. Some will need reminders at the desktop.
In addition, since it is important to repeat and reinforce key points of the training, it is helpful to switch media in order to prevent the message from being "tuned out" by the trainees.
It is also important to tailor the training to the audience. Everybody in the institution will need some form of user training. However specialized training should be developed for Executives, managers, information management specialists and network or system administrators, because each of these audiences has a different set of responsibilities.
Sample Policy Statement
If this recommended action is applicable, consider using the following sample policy statement.
If not, indicate what alternative action, if any, to apply.
It is the policy of (name of institution) that email management training (must / should) be provided in a variety of media, to accommodate different learning styles and to reinforce the key messages related to email management. The goal of this policy is to ensure that Email Management Guidelines, policies and procedures, as well as roles and responsibilities, are well understood and consistently applied by those working within the institution.
1.4. Verify that the Email Management Guidelines, policies and procedures have been distributed, read and understood
Each institution should distribute the Email Management Guidelines, policies and procedures in such a manner as to ensure that employees, contractors and any other users under their authority have been made aware of the relevant provisions and understand them.
Employees, contractors and any other users should also be made aware of the fact that they are expected to comply with the relevant Email Management Guidelines and any related recommendations adopted by the institution and that intentional misuse of the email system may result in disciplinary action up to and including termination of employment or contract.
Party or Parties Responsible for Implementing and/or Applying the Recommendation:
- Executives
Rationale
Verification that Email Management Guidelines have been read and understood may be done in any of several ways.
- Testing
- Simple signature on a document acknowledging the information has been read and understood
- Compliance monitoring
Sample Policy Statement
If this recommended action is applicable, consider using the following sample policy statement.
If not, indicate what alternative action, if any, to apply.
It is the policy of (name of institution) to ensure that employees, contractors and any other users in its employ have been made aware of and understand the relevant provisions of Email Management Guidelines and all applicable recommendations.
Employees, contractors and any other users are hereby made aware of the fact that they are expected to comply with Email Management Guidelines and all applicable recommendations, and that intentional misuse of the email system may result in disciplinary action up to and including termination of employment or contract.
The institution (will / should) use the following method(s) to ensure that Email Management Guidelines and all applicable recommendations have been read and understood.
Choose the applicable method(s)
- The institution will obtain from each employee, contractor or other user, a simple signature on a document acknowledging that the information has been read and understood
- Employees, contractors and other users will be tested to ensure that they have understood the key principle of email management, as well as their own specific roles and responsibilities
- The email accounts of employees, contractors and other users will be monitored on a (random or other) basis to ensure compliance
1.5. Keep records of learning activities and attendance
An institution should keep a record of email management learning activities as well as a record of attendance at any email management training class, workshop or presentation. These records should be kept on a long-term basis for use, if required, in legal or audit proceedings.
Party or Parties Responsible for Implementing and/or Applying the Recommendation:
- Executives
Rationale
Records of the email management learning activities offered by the institution, as well as records of attendance at email management training programs, may be used in court to substantiate the quality and the scope of the institution's email management training program. As such, they may lend weight to email evidence used by the institution.
Such records may also be used in court cases to counter an allegation that one or a number of users in the institution did not receive adequate training in email management. If the user(s) signed in to a training session, it would be difficult to deny that training was provided.
Sample Policy Statement
If this recommended action is applicable, consider using the following sample policy statement.
If not, indicate what alternative action, if any, to apply.
It is the policy of (name of institution) to keep a record of email management learning activities available to employees, contractors and other users, and to record attendance at training sessions, by having participants sign beside their name on an attendance sheet. Such records are to be preserved for the long term.
