Navigation

Instant Contact

UK:

Sales & Technical Support

+44 (844) 887 0000

This e-mail address is being protected from spambots. You need JavaScript enabled to view it.

Global Headquarter:

Sales

+49 511-260905-0

This e-mail address is being protected from spambots. You need JavaScript enabled to view it.

Global Headquarter:

Technical Support
+49 511-260905-50

This e-mail address is being protected from spambots. You need JavaScript enabled to view it.

Newsletter International Q3 2011

EDITORIAL: What should one do when it's time for an audit?

The problem is well known in most companies: for some time now, business emails have had to be archived for possible audits. Which technical possibilities are available and which legal jungles await companies are thoughts that probably go through the heads of many of those in charge. But what should be actually done, if an administrative audit of the company’s email archives has been announced? What practical preparations are necessary for the company, to avoid damage or a reaudit? After all, all emails must be unchanged and unchangeably archived and accessible for the auditor. What things should be kept in mind to enable the required auditor access?

Of course, the auditor must have access to all relevant emails stemming from the time period to be audited. The remainder of the archives does not need to be accessible though. For data protection reasons, private emails, that have found their way into the archive, should not be accessible for the auditor. Incidentally, this is irrespective of whether the sensible usage of email for private purposes has been expressly forbidden or not.

There are various statutory requirements for an auditor access. In the case of direct access, the auditor must research the archive himself, as well as select and view those emails that he believes are relevant to the audit. He will ask to have these emails sent to him, for his records, and this request must be supported. In order to prevent a possible misuse of the auditor access, the access should be protected by applying the so-called “four-eyes principle”; i.e., that a second person is necessary besides the auditor which will grant access to the email archives.

It is important for companies organising their email archives to know how a possible audit is managed technically. How quickly can the auditor access be implemented? Does this comply with statutory provisions, or are there gaps in the process? Is it possible for the company to check which areas were audited and when? Otherwise, this could provide for a rude awakening, if an audit notice from customs flutters through the letterbox.

I wish you stress- free audits!

Best regards,

Oliver Dehning

antispameurope - Ihr Managed Security Service

Navigation

Instant Contact

Newsletter International Q3 2011

EDITORIAL: What should one do when it's time for an audit?