Compliance Management

within Exchange 2013

Regulatory Compliance
Regulatory compliance is very
important in most Exchange
environments. Ensuring your
organization is in sync with legal
requirements with regard to
eDiscovery and other key aspects to
compliance is a must for Exchange
administrators.

Well-known U.S. and International Regulations

• Sarbanes-Oxley Act of 2002 (SOX)

• Security Exchange Commission Rule 17a-4 (SEC Rule 17 A-4)

• National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)

• Gramm-Leach-Bliley Act (Financial Modernization Act)

• Financial Institution Privacy Protection Act of 2001

• Financial Institution Privacy Protection Act of 2003

• Health Insurance Portability and Accountability Act of 1996 (HIPAA)

• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept

and Obstruct Terrorism Act of 2001 (Patriot Act)

• European Union Data Protection Directive (EUDPD)

• Japan’s Personal Information Protection Act

Compliance Features

• In-Place eDiscovery & Hold

– Allows a search of mailboxes through the organization, preview of
search results and then copy of results to a Discovery mailbox
– In-Place Hold forces a hold on data discovered during in-place
eDiscovery
– Note: Legal Hold or Litigation Hold places entire mailbox on hold

• Auditing
– Keeps an audit log of all actions taken on all mailboxes
– Auditing is done based on access by owners, delegates and
administrators
– You can run various reports (exp. administrator role group report)

Compliance Features

• Transport Rules
– Allows you to create conditions, actions and exceptions over mail that is
flowing through your organization

• Data Loss Prevention (DLP)

– A form of transport rule that prevents users (or alerts users) from
sending sensitive information like credit card numbers
– Based on regulatory standards (PII and PCI-DSS)

• Messaging Records Management (MRM)

– Revolves around email lifecycle policies
– Retention policies are used to classify messages

Compliance Features

• Journaling
– Provides the ability to retain copies of all incoming and outgoing mail
through Standard journaling
– Provides more granular journaling through Premium journaling

• Information Rights Management (IRM)

– Works in harmony with Active Directory Rights Management Services
(AD RMS) to protect messages and attachments

• In-Place Archiving
– Eliminates the proliferation of .pst files
Scenario

• Enable default retention policy and in-place

archive over Tim Berry

• Establish a standard journaling rule for all email

going in and out of the organization

• Place Wendy Lindsay’s mailbox on Litigation Hold