2017 Compliance Audit Cheat Sheet: What Content Should You Archive?

     

Is your company subject to industry or government regulations? If so, you know compliance audits are a fact of life, like death and taxes.

Industries such as financial services, healthcare, and pharmaceuticals are heavily regulated. They are required to capture, monitor, analyze, and archive business-related electronic communication data. These organizations are required to meet expectations set by regulators like FINRA, the SEC, the FDA, and the FTC, just to name a few.

Depending upon your industry’s regulations, audits may occur every year or so, or they can be triggered by complaints the regulatory agencies receive. These complaints may be lodged against your company, or they may be lodged against another company within your field or industry.

What content should you be archiving? The short answer: all forms of business communication. Any content used during the course of business that makes the message a business record, regardless of whether the device used is a business-owned device or an employee’s personal device.

Here’s a handy breakdown of the primary types of Web content you should be archiving, both to avoid unnecessary risk and to follow industry standards, in native format.

Email

Compared to the other types of communication on this list, this is the easy one. All emails received and sent, both internally and externally, need to be archived.

Websites and blogs

Any and all websites and blogs associated with your business need to be archived. This includes all data; metadata; video; audio; and interactive elements such as files, forms, links, mouse-overs, drop-down menus, pop-ups, comments, and likes.

Instant messages

There are a number of live, interactive chat applications used in business today, including platforms like Google Hangouts. All business-related communication in those platforms, even if not within an “official” business channel established by the company or its departments, must be archived.

Text messages

Yes, even text messages need to be archived—regardless of whether the device used is a business-owned device or an employee’s personal device. If the text relates to the course of business, it’s a business record that must be archived.

Social media

Facebook, LinkedIn, Twitter, Instagram—if any business-related communication is happening on the platform, it needs to be archived. With the addition of video content, live streaming, and even “disappearing” video that is only made public for a finite amount of time, archiving social media for compliance purposes has become challenging.

Enterprise collaboration tools

Team collaboration tools might be popping up even faster than new social media channels these days. Business communication is happening across platforms like SharePoint, Yammer, Slack, and Workplace by Facebook, triggering the need for archiving.

Compliance regulations are expanding every year, and it is crucial to collect all data and to mitigate compliance risks. When the compliance audit occurs, your archive is proof you are in compliance with regulations.

Rarely will you know in advance of a compliance audit, because the regulatory agencies don’t want to give you any opportunity to get things in order by adding or deleting data. Accordingly, it is important that you have a stringent compliance strategy in place.

A large part of your overall compliance strategy will involve archiving of your electronic communication data: website, emails, social media channels, instant messages, text messages, and enterprise collaboration tools. The task of archiving is challenging, because the data are spread across multiple systems and technologies. Further complicating matters, employees are conducting business on different devices (PCs, laptops, tablets, and smartphones) for the same conversation.

With regulators becoming more aggressive and regulatory compliance more complex, a trusted third-party service provider can help you navigate the process and take the worry out of compliance audits.

Request

About The Author

Jim focuses on market strategy, product expansion and business development for the company’s enterprise web and social media archiving products and solutions. Previously, Jim was Vice President Enterprise Management for Merrill Corporation and Vice President of Sales and Marketing for Lextranet, a leading provider of eDiscovery document hosting solutions for law firms and corporate legal departments, acquired by Merrill in 2007. Jim graduated from the University of Pennsylvania’s Wharton School of Business and later served as a deep-sea diver in the U.S. Navy.