Emails are by far the primary target for companies performing retention policies and/or eDiscovery; in fact, many companies don’t consider other types of data when these topics are discussed. Not yet anyway. But all companies need to be aware that emails are not their only IT risk; attachments must also be considered. Attachments within messages were originally files that someone created and stored within the permanent storage area of your company. In addition, many of the mailed attachments are saved within that same permanent storage meaning that attachments of every shape and size probably exist somewhere, even if you don’t know exactly where.
The question here is usually, “What kind of files are these?” Some are software files (e.g. PowerPoint, Excel, etc.), others are personal, such as pictures of kids, and others could contain valuable information, such as Word documents, PDFs, and more. Regardless of the file type, they need to be managed via a retention policy – which is easier said than done.
Email is definitely easier to get your arms around. It is centralized on your mail, archive and journal servers. There might be user-initiated data leakage to other locations, but mostly it is stored in a minimum number of locations. Files, however, can be anywhere – and it is a large challenge to manage them.
The most difficult aspects of file management are knowing what files exist, where they are stored and what kind of files they are. What kind of files doesn’t simply mean the extension – it involves the content. For instance, let’s say you have two PDF documents – one is a contract, and the other contains assembly instructions for a toy. It is a mistake to classify these two files together just because they have the same extension. What I recommend is to classify files based upon their content, not what software was used to create/update them.
Is this difficult? Absolutely. Will it be very time-consuming? Most definitely. But once you have been able to create a full inventory of your files, you can then start the process of not only classifying them by content, but also applying retention periods to those files. I am not condoning the automatic deletion of all files older than 90 days, but what I am saying is to create a strategy that in the end, is a retention policy for files. Some might never be deleted, but as long as that is an intentional decision by the powers that be in your company, it is a retention policy.
So which do you do first, inventory the files or create the file classifications? I think the classifications for every company will be very similar. Of course, one company could refine classifications more than another, but the basic classifications will be the same. With that said, I recommend creating the classifications, while also being open to augmenting your list as needed. Once you have created the initial classifications, it is time to create your file inventory. Though this appears daunting in a way that may confuse you on where to start, it is vital that you create a methodology and then start the process. The obvious locations would be the file servers and the user laptops/desktops. Though typically, I prefer to do the more difficult task first to get it behind me, I recommend starting with the file servers, since the files are centralized. This will allow you to have a sanity check on your classifications, as well as build momentum for your file inventory. Once that is done, then it is time to move onto the users. This could be very time-consuming, but it is a necessary evil. After that, there are tapes, other data stores, and more that can contain files.
In summary, managing files will not be easy and will be a time-consuming and resource-intensive process, but it will benefit your company in the long run. Start managing your files today! For information on how Sherpa Software can help with this endeavor, give us a ring or email firstname.lastname@example.org.