This article contains information on how Compliance Protect ensures regulatory compliance by making archives immutable, meeting minimum retention requirements, and disabling deletion capabilities for financial services organizations.
Compliance Protect offers a minimum retention option based on a day value for the Mimecast archive. You can learn more about starting this process within Minimum Retention Settings: Technical Concepts.
Introduction
Compliance Protect enables a Minimum Retention setting on your account. Customers who are bound to regulatory compliance requirements (e.g., SEC 17a-4) have a mandated obligation to retain information for a predefined minimum period (e.g., seven years) in an immutable, unalterable state. Compliance Protect renders the customer's archive immutable and disables the ability to create any new policies or adjustments on the Mimecast archive.
Financial services organizations regulated by agencies such as the SEC, FINRA, FCA, and CFTC are required to adhere to specific rules and regulations covering many aspects of their business, with record keeping and data retention being some of the most important. These rules identify records that must be stored electronically and impose requirements regarding the preservation, accessibility, and retention periods of all such records. Compliance Protect helps these customers meet these rule requirements.
Once configured, Compliance Protect renders the archive immutable and disables all deletion capabilities, including the following:
-
-
- Retention Adjustments.
- Content Examination policies.
- Content preservation policies and definitions.
- Content metadata policies and definitions.
- Managed Folders.
-
Whilst Compliance Protect does render the archive immutable and disables all deletion capabilities, this is only for policies, definitions, tasks, and adjustments that contain a day value lower than the Minimum Retention Settings you choose.
Prerequisites
-
-
- Customers that require a filing with a regulatory body such as the SEC must have an archive to match the regulation, such as SEC 17a-4.
- All customers who require filings with the SEC will receive a letter from Mimecast confirming they're compliant as long as the point above is met and Compliance Protect is enabled.
-
Speak to us if you have not yet ingested legacy data that may be within your required minimum retention setting.
Requirements
To use Compliance Protect:
-
-
- You must have an archive to match the regulation you adhere to, such as 2190 days (6 years).
- You must be archiving or retaining email for at least 58 days if you do not adhere to a regulatory body.
- Legacy messages in your user mailboxes (e.g., those sent / received prior to archiving with us) must be archived with us.
- You must disable all policies, definitions, and tasks and stop any retention adjustments that contain a day value lower than your required minimum retention setting before enabling Compliance Protect .
Once Compliance Protect has been enabled, the minimum retention setting cannot be lowered.
-
Using Compliance Protect
If there are any of the following policies, definitions, or tasks that are below the minimum retention setting, they must be disabled before enabling the Compliance Protect product.
If you're ready to enable Compliance Protect, make sure you have spoken with our Support Team to ensure that you have configured the correct minimum retention value. To use Compliance Protect :
- Ensure you have stopped any retention adjustments with a day value lower than your required minimum retention setting.
- Disable all policies, definitions, and tasks that contain a day value lower than your minimum retention setting.
- Service Delivery will enable Compliance Protect with the appropriate minimum retention setting.
- Follow the steps mentioned in the Validating Your Minimum Retention Setting article.
Comments
Please sign in to leave a comment.