Crews & Associates Inc., an investment banking and brokerage firm, may have fewer than 200 employees, but when this SMB needs to satisfy regulators or lawyers looking for an email audit trail, the compliance team has found that the size of a company definitely doesn't matter.
"The Financial Industry Regulatory Authority [FINRA] officially audits us every two years, but could drop in at any time they want to and we have to be ready," said Carter Malone, vice president of compliance at the Little Rock, Ark.-based firm.
Because FINRA can stop in at any time, the compliance team always has to have both their financials and email system ready for a regulator to look at. Often, if the regulators have questions about trades, such as the reason for a mark-up, they'll follow-up by searching through email exchanges between a trader and the client.
Malone credits the use of ZL Technologies' ZL Unified Archive e-discovery system for enabling his organization to meet the regulators' needs in real time. The on-premise server is an email archiving system that sits between a company's mail server and storage to categorize, meta-tag and encrypt all messages. The software, which creates a searchable index, can also stub messages and add pointers, which saves space and enables him to save more messages for a longer period of time. Therefore, when a regulator comes on-site, Malone can simply give him access to a Web-based console to answer any queries.
Crews & Associates has been using e-discovery software since 2005 and has found it saves the company from potential fines. "If we didn't have e-discovery capabilities and couldn't provide the regulators with the information they needed, they would note that in our file and possibly order us to pay any discrepancies to clients. To fight those charges, we'd have to pay serious legal fees," he said. Instead, regulators are able to quickly search through messages based on keywords in messages and attachments or users.
The firm also uses ZL Unified Archive e-discovery system for internal audits and reporting to ensure that traders and other employees are following industry guidelines. For instance, the firm has a strict policy of never using the word "guarantee" in regards to transactions. Therefore, Malone has set up an alert for that term, as well as others, within messages and attachments.
Although he would not say how much the product cost, Malone said it is far less than any damage that would result from compliance violations.
Choosing an e-discovery tool: Appliance vs. hosted products
When deciding whether or not they should roll out e-discovery tools, SMBs should consider the following: which ones are available in on-premise, and whether to use appliance-based or hosted products, according to Brian Babineau, senior analyst at Enterprise Strategy Group.
And there is no shortage of products and services available. For instance, Hewlett-Packard (HP) Co., IBM Corp. and Microsoft all offer e-discovery software products. Barracuda Networks, Messaging Architects and StoredIQ have e-discovery appliances. And Autonomy, Orange Legal Technologies and SunGard Availability Services feature hosted solutions.
Each approach has its benefits and drawbacks for SMBs, according to Babineau. For instance, while purpose-built software offers full functionality for compliance, advanced e-discovery, offline archive access and mobile device support, these products can be unruly for smaller organizations to manage the systems and the retention policies themselves.
Meanwhile, appliance-based products are often easy to install and manage and have security built in, but they have finite storage capacity that might result in an SMB having to buy more than one box or delete data sooner than they want to. In addition, Babineau points out that "many appliances cannot support multiple message retention policies or offline archive access."
Finally, he said e-discovery services are very easy to set up and use and don't require hands-on management. Also, SMBs do not have to commit to long-term contracts. The flipside is that they might not offer as many features, such as offline access to the archive, and might not integrate well with desktop email software such as Outlook. Babineau added that SMBs might hit their storage capacity quickly if the service doesn't offer techniques such as stubbing or pointers to conserve space.
SMBs that think e-discovery tools are out of reach for them because of price and complexity should consider hosted solutions, which are becoming more prevalent. "E-discovery is becoming easier because SMBs don't have to do all the work in-house," he said. In fact, Babineau said hosted pricing is often per month and ranges from $3 to $15 per user. To keep costs even lower, organizations can prioritize which users or departments are most likely to be subject to e-discovery. Companies can also negotiate volume discounts with service providers. If hosted service costs are based on storage size, he said to set limits on how long to keep data around based on internal policies and industry regulations. "There are definitely ways to keep e-discovery from being financially crippling," he added.
Noah Wallace, information technology manager at food manufacturer Silver Spring Foods, Inc. in Eau Claire, Wis., agreed. He subscribes to Google's Message Discovery service, formerly Postini, to archive and search email among his 150 users as well as vendors and customers.
Wallace relies on the e-discovery tool, which features a Web-based console, to conduct quarterly audits as well as drills to see how fast the company could react to product recalls and other business-critical incidents that would require him to backtrack through emails.
He warns his peers not to become complacent by only using their traditional email systems. "Trying to discover a message that has been deleted or misplaced with just your email server can take a lot of time, and in most cases e-discovery has to be done in real time," he said.
Getting started with e-discovery
The best way to succeed at e-discovery and keep costs down is to make it part of your initial records retention planning and not an afterthought, according to Christine Taylor, analyst at The Taneja Group.
Companies in their infancy should research industry regulations and develop corporate email use, retention and search policies based on them. In addition, all data should be centralized so that e-discovery is considerably more efficient. She adds that IT should work with the organization's executive, legal and human resources team to hash out appropriate policies. "Doing this from the outset will make everything much more cost-effective when you face a legal or regulatory challenge," she said.
And to those that still think e-discovery is too expensive? "If your business has the potential to face fines or a lawsuit that could total over $25,000, then the cost of an e-discovery product is going to be worth it," she said.
About this author: Sandra Gittlen is a freelance technology editor in the greater Boston area. She can be reached at firstname.lastname@example.org.