Sarbanes-Oxley Act of 2002, SEC (Rules 17a-3 and 17a-4), NASD 3110, FDA 21 CFR Part 11 and HIPAA require record retention for all communications and records in its original form. The records should be searchable and available promptly.

Currently several email archiving solutions pose a few potential risks in the record retention process. While corporations require putting procedures in place to ensure adherence to the law by recording all email communications, some solutions do not have the capabilities to capture mail that was sent to BCC recipients. This deficiency in the solution can give the opportunity to by pass the archiving at will, thus missing a key data when needed. This issue has to be addressed before the service is set up.

It is more common today to use a corporate email address with a mobile phone. Using the phone provider’s outgoing mail server will not enable the corporation to capture the outgoing mail. In order to capture the outgoing mail when using the phone, the user should set the phone SMTP Server as designated for his desktop mail client (Outlook, etc.)