Professional Documents
Culture Documents
Email Retention Policy
Email Retention Policy
Overview
Electronic mail and messaging services are considered a critical means to transmit information
within the organization. As such, Email Retention policy is developed to provide guidelines to
employees in regards to email retention based on two major factors namely:
1. The kind of information sent or received via email that should be retained.
2. The duration that the information should be retained.
The information managed by the organization is defined as, but not limited to, information
which is stored, sent or received through email or other messaging platforms defined by the
organization.
Purpose
The purpose of this policy is to help employees determine the kind of information sent or
received by email and the duration of their retention. All employees are expected to familiarize
themselves with the email retention areas that are covered by this organization’s policy.
This policy is developed based on standards and specific guidelines to address on the best email
retention practices that the organization value. Employees are advised to seek clarification on
specific parts of the policy from their departmental heads and line managers. Any other inquiry
or clarification can be forwarded to the information security team for action.
A breach of this policy may result in disciplinary activities deemed necessary.
Scope
This retention policy applies to:
Policy
1. Administrative Correspondence
This correspondence defines the established organizations defined operating policy including
holidays, working hours, dress code, work place behavior and any legal issues that affects the
organization. It is in this regard that all email correspondence with sensitivity label:
Management Only shall be deemed as Administrative correspondence.
Retention of this correspondence is critical hence employees are required to address in copy
the administrative mailbox provided by the Information Technology department.
2. Fiscal Correspondence
This correspondence defines all information related to revenue and expense in the
organization. Any information sent or received in regards to this description shall be deemed
critical and must be retained as per the specified guidelines below.
Retention of this correspondence is critical hence employees are required to address in copy
the finance operations mailbox and retention will be maintained by the IT Department.
3. General Correspondence
This correspondence defines all information that relates to customer communication, inquiries,
partner communication and operational communication of the organization.
The retention of this correspondence and related information is to be done by the individual
employee. This is however specified to be retained for a stipulated period of 1 year after which
the information can be deleted.
4. Personal Correspondence
This correspondence defines a wide scope of email information such as personal email,
recommendations and review emails, product development emails, status reports emails and
subscription emails among others.
Employees are advised to read and delete the emails upon end of usefulness. This is considered
as transitory emails and should be deleted as soon as possible.
5. Email backup copies
Backup copies of the organization’s email system are created daily. The purpose of the backup
files is for system restoration in the case of a disaster. Employees are advised against retrieval
of emails from these backup systems as they are not designed to allow such operations.
Employees are also advised to create email archives to maintain email correspondence that are
a year older and such. This is to maintain the size of mailbox to the desired limit set by the
organization.
6. General Standards
Policy compliance
Compliance Measurement
• Email systems reports and logs should be checked on weekly and monthly basis.
• Regular audits of the email systems both by internal and external auditors.
• Regular training and reminder to employees on the email retention policy and
compliance.
• Policy compliance reports should be generated on quarterly basis for tracking any
discrepancies should be addressed immediately.
Exceptions
Any exception to the email retention policy must first be addressed and approved by the IT
department. As such, legal requests should first be channeled to the IT department for action
Non-Compliance
Any employee found to have violated this email retention policy shall be subject to disciplinary
action deemed fair and as such may include termination of employment.
Related Policies
• Email use policy
• Overall security policy