Government

Previous | Table of Contents | Next

Email Management Guidelines - Roadmap

8. Everyone in a federal government institution must understand his or her responsibility with respect to the management of email

Expected Outcome

In any given federal government institution, the following benchmarks will have been achieved:

• All federal government institution employees, including agents and contractors employed by the federal government institution, will understand their roles and their responsibilities with respect to email management.
• They will correctly apply information lifecycle management principles to the management of email information.
• They will ensure that email information is retained in the right storage medium and place and for the right length of time. They will follow the institution's rules of email etiquette.

8.1. Responsibilities of Users

To support email management effectively, users should know and understand pertinent provisions of legislation, regulations, standards, guidelines, policies, and procedures related to email, and should use and manage their email accordingly.

The information may be in the form of documents, training materials, coaching or formal training and may be available in a variety of media, or settings at the discretion of the institution. This information should be provided to users by their institution. If the information has not been provided, the user may ask that it be provided.

Rationale

Users are the "front line" in email management. Unlike other forms of electronic records and information, which are typically managed centrally, the nature of email requires that it be managed in a de-centralized fashion. Management of email starts with the user, at the desktop.

Typically, it is the originator of a message who would keep the email message, but in some instances, the recipient may be responsible for retaining the document or record. Users must understand which messages they can delete, and which messages they should keep (as well as where they should be stored, and how long they should be kept).

Users must learn and apply the rules of network etiquette (Netiquette), and use proper language and tone in their messages. They should also know when to use email and when not to. For example, they should avoid using email to send sensitive information, but, if it is necessary to do so, they should, at a minimum, use encryption to protect the information.

In short, email users have broad responsibilities in supporting email management at all stages of the information life cycle. To handle these responsibilities effectively, and manage the email they send or receive in an appropriate manner, users must be familiar with, and must understand, the pertinent provisions of legislation, policies, regulations, standards, guidelines and procedures related to email.

Sample Policy Statement

8.2. Responsibilities of network and/or system administrators

Network administrators should provide the technical infrastructure for email management, develop and execute backup and disaster recovery procedures, provide up-to date IT and Internet security, and control and monitor access to records and information holdings.

Network administrators should monitor the use of email to measure compliance with the Email Management Guidelines and policies and, when necessary, investigate suspected misuse of email.

Network administrators should create, maintain and preserve accurate and up-to-date documentation on the email system and information holdings. This documentation should be sufficient to provide proof of the authenticity and integrity of any email record or information provided as evidence in legal proceedings.

Network administrators should ensure that business-related email is not stored in an unauthorized repository.

Rationale

The mandate of systems administrators is typically to focus on IT system performance, cost efficiency and so on. The focus on IT can lead to decisions and actions that conflict with the proper management of email messages as records and information. For example, it could seem natural to a network administrator to recommend deletion of old records in order to improve the efficiency of the email system. Yet this could cause serious legal and audit problems if records are not properly retained for court proceedings.

In contrast, information managers know which records must be preserved, and for how long, but have little concern as to the negative impact that the storage of large quantities of information can have on the performance of operational systems.

While their mandates are different, network administrators and information managers must work together in a mutually supportive manner.

Network administrators have the necessary expertise to provide the technical infrastructure for email management. They know how to develop procedures that support backup and disaster recovery. They have the tools to fine tune IT security, and to control and monitor access to records and information holdings. They also have tools for investigating suspected misuse of email.

Network administrators have the ability to limit access to files, providing access only to those who need the files to do their work. Yet they have the ability, to be exercised in limited circumstances, to access an employee's email. Such access may be exercised when information in an email message is needed, but the employee is away, or when it is necessary in order to diagnose and fix technical problems or to investigate possible misuse of email.

Should any email record or information be required as evidence in legal proceedings, the network administrator must be prepared to isolate the information in order to prevent its deletion and to provide proof of its authenticity and integrity. Such proof is usually in the form of system documentation created, maintained and preserved by the system administrator.

Sample Policy Statement

8.3. Responsibilities of information management specialists

An IM specialist typically has broad responsibilities and is not focused exclusively on email management. However, the same broad responsibilities that apply to the management of other forms of information are generally applicable to the management of email.

Rationale

The role of an information management specialist will vary depending on the size of the institution to which he or she belongs, as well as his or her level of attainment and authority. An information management specialist may have some or all of the following responsibilities:

• Provide information and records management programs and services pertaining to email
• Capture email information and records
• Organize and describe email information and records
• Create and maintain and apply classification schemes, descriptive records and metadata
• Provide access to email information and records
• Store and protect email information and records
• Dispose of email information and records
• Provide electronic services related to email management

The responsibilities of the information management specialist may entail some or all of the following tasks:

• Develop departmental plans for (IM/IT in respect of email management)
• Develop IM/IT policies, standards, guidelines pertaining to email management
• Develop compliance assessment methodologies related to email management
• Advise on investments in information technology and, IM/IT resourcing strategies related to the management of email
• Conduct IM/IT compliance audits (discovery and disposition drills related to email
• Conduct cost/benefit analyses and impact analyses
• Plan, develop and implement communications strategies related to email management
• Develop and disseminate communication materials related to email management
• Promote Internet business services
• Manage the IM/IT committee Governance Structure
• Participate in inter-departmental working groups on IM policies, standards, and guidelines

In large institutions, there may be several highly trained and experienced information management specialists. However, in smaller institutions, the responsibilities of the information management specialist have sometimes been assigned to an individual with little training or experience in the field, and sometimes to individuals with other operational responsibilities. The purpose of the preceding list is to demonstrate that information management is a challenging and complex undertaking that requires the allocation of appropriate resources.

Sample Policy Statement

8.4. Responsibilities of operational managers

Managers should identify the training needs of individual employees on the subject of email management and allocate time, within business hours, for employees to attend appropriate training.

Managers should monitor employee compliance with these Email Management Guidelines, including arrival/departure and orientation/exit protocols, the proper classification and storage of records and information, and the application of appropriate retention periods.

Managers should ensure that employees have at their disposal any pertinent reference materials on the subject of email management, or that they know where and how to obtain such materials when needed.

Rationale

Managers are typically responsible for identifying any training their employees may require, on any subject relevant to their work, and for allowing time, within business hours for the training to occur.

Managers are typically responsible for monitoring various aspects of the work of their employees, including the quality and timeliness of the work they produce, effective use of the tools they are expected to use, and the accuracy and completeness of any records that they keep.

Managers may also be involved in determining retention and disposition requirements typically - though not always - with the advice of information management specialists. Managers may also be involved in organizing the filing system where email messages and attachments must be stored. Managers are also responsible for communicating these requirements to the employees under their supervision.

These responsibilities extend to supervising and managing employee use of email.

Sample Policy Statement

8.5. Responsibilities of executives

Executives should set the strategic direction for email management and guide the development and adoption of email management policy for their institution.

An executive with the role of records custodian should ensure that email messages that are the subject of pending open records requests and/or litigation are not deleted.

Executives should provide sufficient funding for the institution email management programs and systems and for ensuring their compliance with policy, legislation, and these Email Management Guidelines and related recommendations,

Executives should ensure that appropriate email management training is developed and delivered to employees, that employee attendance is logged and kept as a record, and that training and reference materials are made available to employees in a variety of media.

Executives are responsible for ensuring that employees are provided with these Email Management Guidelines and related recommendations, and that receipt and understanding of these documents is acknowledged in writing, and kept as a record.

Executives should review the email management policies and procedures on a regular basis, to assess their effectiveness, to address concerns, and to implement improvements.

Rationale

Institutions, and therefore their executives are responsible for the actions of their employees, including the proper management, retention and disposal of Email records.

Email management is emerging as one of the most daunting challenges of information management in institutions and is therefore worthy of the close attention of executives.

Executives are typically responsible for setting the strategic direction and policies of their institutions and for ensuring that sufficient resources are allocated for the work of the institution as well as for the effective and efficient creation and retention of government records and information. Generally, executives are also responsible for allocating funds for the training of staff.

Sample Policy Statement

Previous | Table of Contents | Next