The administrator may appropriately be tasked with administering, or at least overseeing, the process of email archiving, if for no other reason than the fact that end-users are not likely to do it themselves. The process of archiving emails, if left to individual end-users, would be chaotic at best. Uniform standards must apply, and archiving needs to be done according to a rule-based procedure; without such a rule-based procedure, the enterprise risks falling out of compliance with one or more legislative mandates.

But there are two pieces to the archiving puzzle: Putting things into it, and taking things out of it. The first part can be largely automated and done according to a set of rules that specify that emails get archived after a certain period of time. But as for the other end—searching the archives—that’s another story entirely.

The process of e-discovery for example, can be a nightmare, and lawyers have been known to cast a very wide net. The results can easily be tens of thousands of emails or more. Ultimately, this needs to be the domain of the legal department, who will be better equipped than IT staff to conduct a search designed to yield usable results.

But besides legal e-discovery, nearly every department will have a need for retrieval at some point. It is simply a waste of resources to require the IT department to conduct these retrievals. In the old days, it was necessary. Archives were kept on tape, on a shelf in a back room. The tape had to be physically retrieved and then loaded and read. But we’ve gone beyond that (hopefully) today.

Retrieval can take one of many different forms. Of course, when end users store their own emails locally in folders or PST files, they can do it themselves, but the process is decidedly clunky and inefficient and may be error-prone. The process instead needs to be rules-based, centralized, and automated. Exchange allows for easy integration with third-party services that allow for this.

In establishing a search and retrieval function, the IT department should implement a solution that gives end-users easy access, but access that is controlled with authentication and authorization to guarantee continued compliance with security requirements. Furthermore, the end-user interface should be web-based so that access can be gained from any browser, and lastly, the search function should be made efficient by allowing searches to be conducted not only from the subject header, but from the content as well. From a compliance perspective, most regulations will require an audit trail as well, and it will also be necessary to choose a solution that will log access.