Email archiving
E -mail archiving is a separate term for a long-term, steady and safe storage of electronic messages. Based on this filing are on the one statutory requirements for the complete documentation of tax-related documents and other requirements of companies and private individuals in the management of increasingly complex e -mail communication data and processes.
Basics
For several years now the e -mail communication has the "classic" types of communication telephone, letter, telex and fax overtaken in importance or even exceeded entirely. Thus, the e -mail data exchange has become a mission-critical communication platform, their smooth functioning for many companies has become essential. At present, yet the e -mail users, so for example, employees of a company, who is responsible for the content, protection and utilization of the data. A systematic recovery and archiving by the company is becoming increasingly important. Reasons for this are:
E -mail archiving to meet legal requirements
The Principles of Data Access and Verifiability of Digital Documents (GDPdU ) have established guidelines on that all tax-relevant data must be kept presentable in machine readable form. This also applies to the e- mails and their attachments. Other requirements also arise from the Tax Code ( AO) and the Commercial Code (HGB).
Archiving as protection against e -mail data loss
E -mail, as business-critical information carrier, must be protected from data loss and illegal spying. E -mails are lost due to defective PST files ( MS Outlook), careless deletion or change of system. Often entire mailboxes are removed when an employee leaves the company without having to present a necessary permission from the user.
Archiving as protection against overload of e -mail servers
In the course of a few days and months, email data accumulate on servers and occupy disk space. The larger the allowed attachment ( Attachment), the greater the required memory space. Since many companies define size limits on mailboxes, this data must transferred into an archive and is no longer updated information will be deleted in the mailboxes.
Tamper resistance
To meet legal requirements, a tamper-proof archiving is required. This is achieved in addition to the possibility of writing on a WORM ( delete-protected media ) (where years of manipulation can also be called into question ) on the archived e-mail messages by cryptographic processes. As an independent body here, the Fraunhofer Institute for Secure Information Technology (SIT ) developed a module " ArchiSoft ", which takes over this process and also ensures that after a compromise this cryptographic process, all already in the e -mail archive emails be nachsiginiert with the newer, secure cryptographic process. In connection with the use of accredited timestamp services as a permanent protection against manipulation is to be ensured.
Distinction between server-or client -controlled archiving
With respect to the strategy of archiving two basic approaches can be distinguished. A variant is the server-side archiving. If we follow this approach are generally all e- mails transmitted directly after its receipt on the e- mail server in the archive system. The same applies to outgoing e -mails. This method is often referred to as journaling. It can thus be ensured that all messages are transmitted tamper -free in the archive system. The archive system itself must have safety devices to counteract also later manipulations. However, this method requires a lot of memory. Why spam filters should be used to sort out unwanted messages and exclude from archiving. It should be ensured that not inadvertently important e-mails are classified as spam. That would mean that the declared as spam e- mail on hand, must be searched regularly and before permanently deleting them, may be relevant e-mails.
Furthermore, in the server-side archiving can rule-based concepts are used to analyze the e -mails according to the defined rules and archive. About such rules diverse and individual scenarios are possible. Usually, in the server-side archiving the e -mails are removed from the productive e- mail system. You can access the user no longer on the e -mail system, but, mostly via a reference, directly to the archive. Also the search is handled directly by the archive. This leads to a relief of the e- mail server.
The second variant is the client-side archiving. Here, the user does not control itself, which e- mails are archived and which not. He mostly used to such properties, which he assigns to the e- mails, or he moves them into specific, intended for archiving folder. While the client-side archiving offers the user a high degree of flexibility, but there is a danger of accidentally not to archive important emails. Which archiving strategy to choose companies depends on their individual preference. If the meet compliance requirements and a concomitant legally compliant archiving attributed to a high value, then a journaling archiving, so to recommend the server-side variant.
Criticism of isolated e- mail archiving
The isolated archiving of e -mails provides companies but also a risk, since e -mails must be brought into a tangible connection with other electronic documents. Information must comply with the content, use and legal character are archived and not a function of the form. Therefore, it is made up by the approach of e- mail management, E -mails over to electronic archiving systems that manage other electronic documents, scanned facsimiles, and records under a common index. So e- mails can be visualized as a component of electronic records, taking into account the completeness and context of all associated information.
Possibilities of e -mail archiving
ASP solutions (Application Service Provider ) for e- mail archiving
Stand-alone solutions client or server side
Document management solutions and CRM systems
Contradiction between the requirements of GDPdU and postal secrecy
In the administrative order issued by the Federal Ministry of Finance ( GDPdU ) is defined as a " tax- relevant document " - for example, a bill that has been received in electronic form in a taxable - just to document and secure is just like a normal postal bill. If an invoice is sent or received as an attachment to an email, it means:
- The receiver / shipper must provide each of these electronic documents - and as such it is also an e -mail to understand - save retrievable.
- The receiver / shipper must check the integrity of the data and document the results.
- The receiver / sender must store the bill on a carrier medium which does not allow for changes.
- The receiver / shipper must record the receipt of tax-relevant data and their further processing and archiving.
- The receiver / shipper must ensure that the transfer, archiving and conversion systems to comply with gobs ( generally accepted standards for DV - based accounting systems ).
In a possible audit a direct read access, access via evaluations and the data carrier handover in different formats must be enabled.
The question of which is a chargeable document or not is decided in doubt the tax office, and it is possible that all emails can be classified as tax-relevant documents. In consequence, this means the obligation to save all incoming and outgoing e -mails automatically to the company. Also, private, shipped from employees or received e -mails would then stored in a retrieval system and be an auditor accessible. Intervention on the part of employees, such as deletions or alterations in this system would have to be consequently prevented.
The problem: An automatic storage and the access to private e -mails of employees might postal secrecy, which was a fundamental right enshrined in Article 10 of the Basic Law hurt. E -mails are by definition the category " letter " and subject to this fundamental right. Therefore, an automated e -mail security measure will be permitted only through a contractual agreement with the staff or with the consent of an authorized representative council in a company. Another possibility is to enforce a ban of private e -mail communication on the part of management.