IM Compliance

Real-time communications – including email, IM and mobile messaging – are subject to an increasing number of industry and government regulations. Demonstrating compliance with these rules and standards presents a key challenge for today's organization. And the consequences are clear: Out-of-control real-time communications can lead to fines for non-compliance, lost reputation, lost intellectual property, and further liability to your organization.

IT organizations need a solution to enforce policies and controls – based on end users’ corporate directory attributes – to regulate user activity, protect against data loss, and to archive IM and mobile messaging for compliance purposes.

Quest Policy Authority for UC helps organizations address two primary areas of IM and mobile messaging compliance: Information Control, Retention and Review and Privacy Protection and Security. Read below to find out how.

Information Control, Retention and Review

Organizations are required to control who can IM with whom (such as enforcing ethical walls), log and archive all IM, and to systematically review messages.

Regulation	Industry	Requirement	How Quest Policy Authority Helps
SEC 17a-3 and 17a4	Financial Services	Archive and review of electronic communications	Archiving all IM conversations   Real-time monitoring of flagged messages   Flexible web-based search and retrieval   Multiple user roles for systematic audit of messages   Annotation and email escalation of flagged or blocked messages
FDIC	Member Banks and Financial Institutions	Retention and review of all electronic communications	Archiving all IM conversations   Real-time monitoring of flagged messages   Annotation and email escalation of flagged or blocked messages   Flexible web-based search and retrieval   Multiple user roles for systematic audit of messages   Annotation and email escalation of flagged or blocked messages
NASD 3010 and 3110	Financial Services	Retention and review policies for electronic communications Originals of all communications received and copies of all communications sent by such member, broker or dealer   Broker-dealers should prohibit communications from home computers and third party platforms unless such communications can be retained and reviewed	Archiving all IM conversations   Real-time monitoring of flagged messages   Annotation and email escalation of flagged or blocked messages   Flexible web-based search and retrieval   Multiple user roles for systematic audit of messages   Archive SMS text messaging   Archive PIN-to-PIN text messaging   Log inbound and outbound phone call numbers and call lengths
NASD 2711	Financial Services	Separation of broker-dealers from investment analysts	Flexible access control to enforce ethical walls   Annotation and email escalation of flagged or blocked messages
NYSE Rule 440	Financial Services	Retention of all electronic communications	Archiving all IM conversations   Flexible web-based search and retrieval
FINRA #07-59	Financial Services	Text messaging is a communications mode that is considered 'electronic communication' and must be retained.	Archive SMS text messaging   Archive PIN-to-PIN text messaging   Log inbound and outbound phone call numbers and call lengths
FERC/NERC	Energy	Retention and review of all electronic communications	Archiving all IM conversations   Real-time monitoring of flagged messages   Annotation and email escalation of flagged or blocked messages   Flexible web-based search and retrieval   Multiple user roles for systematic audit of messages   Annotation and email escalation of flagged or blocked messages
Sarbanes-Oxley	Publicly-traded	Availability of historical communications for audits and ethical walls for analysts	Archiving all IM conversations   Flexible access control to enforce ethical walls   Flexible web-based search and retrieval   Multiple user roles for systematic audit of messages   Annotation and email escalation of flagged or blocked messages
Freedom of Information Act	Federal Government Agencies and Contractors	Control and retention of all records	Archiving all IM conversations   Flexible web-based search and retrieval   Annotation and email escalation of flagged or blocked messages
21CFR Part 11	Life Sciences and Pharmaceuticals	Retention and audit of "e-records"	Archiving all IM conversations   Flexible web-based search and retrieval   Multiple user roles for systematic audit of messages   Annotation and email escalation of flagged or blocked messages
5015.2STD	Department of Defense	Retention and audit of messages	Archiving all IM conversations   Flexible web-based search and retrieval   Multiple user roles for systematic audit of messages   Annotation and email escalation of flagged or blocked messages
Regulation FD	Publicly-traded	Control over external communications	Archiving all IM conversations   Flexible web-based search and retrieval   Annotation and email escalation of flagged or blocked messages
Amended Federal Rules of Civil Procedure	All organizations that may be involved in litigation in a Federal court	Retention, disclosure, and production of electronic messages (including IM and chat)	Archiving all IM conversations   Flexible web-based search and retrieval   Multiple user roles for systematic audit of messages   Annotation and email escalation of flagged or blocked messages
FSA Policy Statement 2008 A1.64-A1.71	Financial Services (UK)	Archive and review of electronic communications	Archiving all IM conversations using tamper proof mechanism   Archiving all File Transfers   Binary logging or message formatting, color, style   Multiparty Chat logging including join/leave timestamps   Flexible web-based search and retrieval   Multiple user roles for systematic audit of messages   Annotation and email escalation of flagged or blocked messages
FSA Policy Statement 2008 A1.70-A1.71	Financial Services (UK)	Enforce usage policies for IM	Flexible access control to enforce ethical walls   Automatic display of legal audit disclaimers to all parties   Restrict inter-organization communication   Ensure all IM communication are directed through authorized channels

Privacy Protection and Security

Organizations are also required to protect sensitive information (such as consumer financial or health-related data) when using IM or other forms of real-time communications.

Regulation	Industry	Requirement	How Quest Policy Authority Helps
HIPAA	Healthcare-related	Protection of all patient health information	Flexible keyword and pattern (such as SSN) filtering   Granular access control by user, group and domain   File transfer control by user and file type
Gramm-Leach-Bliley Act	All industries	Protection of customer financial non-public private information (NPPI)	Flexible keyword and pattern (such as credit card number) filtering   Granular access control by user, group and domain   File transfer control by user and file type
California SB 1386	All California industries	Protection of personal information	Flexible keyword and pattern (such as SSN) filtering   Granular access control by user, group and domain   File transfer control by user and file type
EU Data Protection Act (EUDP)	All California industries	Protection of personal information	Flexible keyword and pattern filtering   Granular access control by user, group and domain   File transfer control by user and file type
PIPEDA	All Canadian industries	Protection of personal information	Flexible keyword and pattern filtering   Granular access control by user, group and domain   File transfer control by user and file type

• White Paper: Compliance and Data Loss Prevention in Unified Communications Solutions

  This paper, written by Grey Convergence, Russell JF Kirk, MVP, discusses the compliance and data loss risks – and prevention – associated with deploying a unified communications platform.

  Get the White Paper

• Case Study: Read how customers are benefiting from Policy Authority

  Read this to learn how customers are seeing real security and compliance benefits from Policy Authority for UC.

  Read the Case Study

• White Paper: Best Practices for IM Management

  For all its benefits, business IM can create security and compliance risk. This white paper explains best practices for the use of organizational IM to reduce risk and improve productivity.

  Get the White Paper

• Additional Resources

  • White Paper: Six Steps to Reduce Risk and Improve Control Over Real-time Communications
  • Datasheet: Learn the top features and benefits of Policy Authority
  • Case Study: Read how customers are benefiting from Policy Authority

• Related Solutions

  • Unified Communications
  • Microsoft-centric Archiving
  • Message-level Recovery and eDiscovery from Tape
  • Messaging Analysis and Reporting
  • Exchange Migration

• Contact Us

  • Request More Information
  • Locate a Local Office