Legal changes have brought a new level of challenge to IT administrators and corporate compliance officers in the last several years. In an era of HIPAA rules and Sarbanes-Oxley regulation, defining and enforcing formal document retention policies is critical for maintaining regulatory compliance and preparing for potential litigation. The Sarbances-Oxley act is particularly stringent, making it a crime to alter or destroy documents, including electronic documents and communication, that might be relevant during litigation or official proceedings. This includes information stored not just on a company’s file servers and workstations, but also data residing on laptops and other portable devices.

The goal of an effective document retention policy is to maintain records that are necessary for timely business conduct and for legal compliance(official correspondence, financial statements, personnel records, contracts, etc.), while shedding outdated and business-irrelevant material, such as personal correspondence, document drafts, etc. In some industries, business-relevant data must be maintained for as long as 7 years. And in the event of legal proceedings, ALL destruction of documents, including electronic communication, must immediately STOP. Severe penalties have been imposed on organizations that have failed to protect data needed for e-Discovery, even when the disposal of potential evidence has been inadvertent.

All of which begs several questions:

  • Where is your company data? In particular, sensitive information that can make or break your company… where is it and how do you get to it?
  • How much control do you have over that data? Can you easily enforce policies to ensure corporate or governmental regulations are met?
  • What tools do you have at your disposal now? What tools can help you to improve your control? Where should those tools be based (on-premise or in the cloud)?

Microsoft Exchange (particularly Exchange 2013) incorporates a number of new features that help to address these concerns. This includes:

  • In-Place Legal Holds and e-Discovery
  • In-Place Archiving
  • Journaling
  • Transport Rules (and Data Loss Prevention in 2013)
  • Information Rights Management
  • PST Capture Tool

These features make a great jumping off point to begin managing email, but don’t provide any utility in managing other forms of electronically stored information (files, SharePoint stores, instant message journals, etc.). For many organizations the capabilities inherent with Exchange may be sufficient, but for those in more heavily regulated industries or thoise with unique circumstances, a third party tool may be needed to take data management to the next level.

An ideal document management solution would encompass your entire data store – not just your Exchange environment and PSTs, but files and more. Moreover, your data has to be managed no matter where it is located… and managed from anywhere. Obviously the solution would have to be secure, it would have to robust in terms of features offered, you would need all sorts of robust management and reporting elements… including secure online access for virtually any device.

For some organizations, cloud based computing offers a lot of advantages, particular the cost savings associated with not having to maintain IT hardware – not just the cost of the servers and storage space, but the associated physical infrastructure and personnel costs. However, many admins are reluctant to turn their data over to the cloud for the very reasons we’ve touched on earlier. The very nature of storing your data offsite “in the cloud” raises concerns over security, data integrity, and perhaps most importantly of all, accessibility.

So… let’s imagine a new paradigm: one where you keep your data on-premise, where you keep your own systems, but manage it from the cloud. Obviously the solution would have to be secure, with a robust set of features offered, you with all sorts cool, flexible management elements and reporting elements… and available online with access for virtually any device.

Enter Sherpa Software’s Attender Online. Attender Online is a software-as-a-service solution for managing electronically stored information across a wide variety of content sources, delivering a cloud based solution that simplifies deployment and speeds innovation. Attender Online allows customers to securely manage a variety of content types from a single service, built on Sherpa’s market reputation and expertise in policy enforcement.

There are potent advantages of the Attender Online approach:

  • Enforcement occurs locally – data does not need to leave the customer site (i.e. information is not stored in the cloud)
  • Manage multiple types of ESI content from a single platform
  • Extensible – agent based design means new content sources can easily be introduced to the service
  • Rapid deployment – no infrastructure required at customer site
  • Policy Flexibility – processing features like branching, goto commands and loops in workflows allow greater policy control

To learn more about how Attender Online can help you establish and enforce a consistent, credible document retention strategy, contact Sherpa Software at 1.800.255.5155, or visit us at

[hs_action id=”4229″]