1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SME compliances

Discussion in 'The Lounge - Off Topic' started by westernkings, May 4, 2011.

  1. westernkings

    westernkings Gigabyte Poster

    1,432
    60
    107
    Does anyone have any good advice or articles on what are the legal requirements (if any) for SME's on things such as recording and archiving emails etc etc?

    I feel like it's one gap in my knowledge base that I could rectify quickly enough with some reading?
     
    Certifications: MCITP:VA, MCITP:EA, MCDST, MCTS, MCITP:EST7, MCITP:SA, PRINCE2, ITILv3
  2. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator

    10,831
    357
    341
    Does this help? To my knowledge, it doesn't matter if it's a small, medium or large organisation/enterprise. It applies to every business.

    -Ken
     
    Certifications: CITP, PGCert, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: PGDip
  3. westernkings

    westernkings Gigabyte Poster

    1,432
    60
    107
    So it's a legal requirement to have them in place? or is it just a case of your up the creek without a paddle if you don't have them in place when you really need it, so it's better to have them?
     
    Certifications: MCITP:VA, MCITP:EA, MCDST, MCTS, MCITP:EST7, MCITP:SA, PRINCE2, ITILv3
  4. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    I've dealt with the information commissioner on a number of occasions.
    It's really a matter of being reasonable and sensible, and it's also a game of odds.
    You'd have to be pretty unlucky for someone to take an official interest in your internal practices (such as a tribunal), and if they do, and you haven't followed best practices/legal requirements then it doesn't help your case.

    But again, the word is always 'reasonable', which is vague as anything.
    Do you take reasonable care to protect data?
    Do you store personal information for a reasonable length of time?

    It all depends on how your business works.
    For example, if your sales force needs access to your clients personal information in order to do their daily job, then it is not reasonable to have them locked in a vault, or protected by a password that only the manager knows. But do the sales force need to be able to see everything? Order history, payment details, outstanding bills? Maybe, maybe not. If the question gets asked as long as you have a sensible (and reasonable) answer, you should be OK.

    If you are going to record emails or phone calls, make sure staff know that's what you are doing.
    If you intend to discipline staff for improper use of company phones or email, make sure they know that and apply it fairly.

    Having said all that, there are rules about storing things like credit card numbers, which you may want to check out. Whichever bank your company uses will be able to tell you.
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  5. westernkings

    westernkings Gigabyte Poster

    1,432
    60
    107
    Thanks for that mater. Right now the case is the exchange database is backed up daily and staff simply do not delete emails. However there is no recording or archiving going on and we have agreed due to the nature of the work they do that it is only good to implement something.

    I was thinking Journalling and then something else but not overly clued up on the products and choice available for a small firm.

    +REP mate
     
    Certifications: MCITP:VA, MCITP:EA, MCDST, MCTS, MCITP:EST7, MCITP:SA, PRINCE2, ITILv3

Share This Page

Loading...