15 - Compliance Dashboards

Michael Tawil
Michael Tawil
  • Updated

eDiscovery

What is the difference between eDiscovery Search and Advanced Search? 

eDiscovery Search has additional menus for saving the search criteria, previewing email search results, and modifying the search criteria. You can set up alerts, TAGs, and review processes on the results of the eDiscovery search, whereas you cannot perform these functions with advanced search.

Use advanced search only when you just want to download, restore, or migrate the search results.

 

How To Do an eDiscovery Search

  1. Login to your dashboard
  2. Click on “Compliance > eDiscovery”
  3. You will see the five most frequently used search criteria: Email Account, Date Range, From, TO / CC / BCC, and keywords
  4. Each criterion has a different input with AND & OR operator logic
  5. Leave a criterion blank if you do not want to use it
  6. Additionally, we have other available criteria for search
  7. You can remove criteria by clicking the “x” button and add criteria by clicking the “Add More Criteria(s)” button
  8. You can select the criteria that you would like to add. Then click the Add button. All criteria that you select will be appended under the latest criteria
  9. You must have at least 1 criterion
  10. After setting the criteria, input the name of the search. Please note that you are unable to input a name that already exists. The maximum number of characters allowed is 35, containing only alphabets (a-z or A-Z) and/or numbers (0-9). No special characters are allowed except the currency symbols

When you have finished setting the criteria and input name, then click the "Save" button. Any criteria and email results will be saved within the "Saved Search."

 

How To View Emails from eDiscovery Search

  1. Once you have saved an eDiscovery Search, on the eDiscovery menu, click the "Saved Search" tab
  2. You will see the Saved Search lists (the most recent search will be at the top of the list)
  3. Select the Search and click the "View > View Emails" button
  4. You will be directed to the "View Emails" tab, which allows you to preview emails one by one 
  5. You can also Download, Restore, and Migrate search results from this page

How to View or Edit Criteria from Saved Search

  1. Click "Compliance > eDiscovery" on the left navigation pane
  2. On the eDiscovery menu, click the "Saved Search" tab
  3. Select the Search and click the "View > View & Edit Criteria" button
  4. You will then be directed to the "Edit Saved Search" tab, which allows you to view or edit the search criteria
  5. Once edited, click the "Update" button

Tips to Optimize Free Text Search

  • Use comma to separate values: Use comma (,) to separate email or keywords, e.g.: john@example.com, emma@example.com, Robert, Steven
  • Special Characters are not allowed, except the currency symbols (e.g., $) and ‘_” Any phrase before the comma is counted as one keyword
  • For example, someone types phrases: the hills, high, very high mountain
    • Then, the keywords will be "the hills," "high," and "very high mountain."
  • johndoe@yourdomain.com can be searched through these keywords: johndoe, john, joh, jo, j, do, or johndoe@yourdomain.com. For a faster search, please try to use a large search string
  • If you want to search a group of emails, you can look for the keyword “@yourdomain.com.”
  • Do not use ‘@domain’ only as a keyword, considering emails with ‘@yourdomain.com’ & ‘@yourdomain2.com’ can be used.

Search Internal Emails

Internal Emails refer to emails distributed within the company's internals only. For example, the CEO sent an email to the sales team.

To / CC / BCC Only IN @yourdomain.com AND
From Only IN @yourdomain.com  

 

Search External Emails

External Emails refer to emails that are distributed outside the company. E.g., Quotation emails from your sales representative to the customers.

To / CC / BCC Not IN @yourdomain.com OR
From Not IN @yourdomain.com  

 

Inbound Emails

Inbound Emails refer to emails that the company receives.

Folder Not IN Sent Items

 

Outbound Emails

Outbound Emails refer to emails that the company employees send.

Folder IN Sent Items

 

Email Deletion by a Data Protection Officer

data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR) or similar regulations.  

Data protection officers oversee a company's data protection strategy and implementation to ensure compliance with GDPR requirements. Only DPO can delete emails from our archiving solution.

Deletion rules and key points to remember for deleting emails.  

  1. Only Admins can enable a DPO role for a user (role can be internal or external to an organization)
  2. DPO can only delete emails assigned to them via the eDiscovery Search review process
  3. Any admin or compliance and review office can perform eDiscovery Search and mark emails for deletion
  4. Once the DPO requests to delete emails, they can review those emails
    1. If they decide that some emails should not be deleted, they can remove them from the deletion process
  5. A DPO must enter the reason for deletion before deleting emails, which will be added to the audit logs for compliance reasons
  6. Once emails are deleted, they cannot be recovered/added back

Please note that DPO cannot delete ANY EMAIL ON LEGAL HOLD. 

 

How To Mark Emails for Deletion by DPO

Any admin or compliance and review office can perform eDiscovery Search and mark emails for deletion.  

To mark emails for deletion, please follow the below process:

  1. Login as admin or compliance and review officer to the dashboard
  2. Click “Compliance -> eDiscovery -> Saved Search Tab
  3. Select the desired saved search for Review Process, then click on the “Mark for Review” button
  4. A pop-up will appear, select "Mark for Review & Deletion (DPO)"
  5. You will see it on the saved search page marked for Deletion

How To Review and Unmark Messages That Have Been Marked for Deletion

DPO can review messages and unmark them from deletion.  

  1. Login to the archive dashboard as the data protection office (DPO)
  2. Go to Compliance -> Review Process
  3. Click on the saved search “Marked for Deletion
  4. Open a message which is marked for deletion
  5. Click “Keep Message
    1. This will unmark the message; when you click start deletion next, it will not delete these messages

How To Delete Emails as a DPO

  1. Login to the archive dashboard as the data protection office (DPO)
  2. Go to Compliance -> Review Process
  3. Click on the saved search “Marked for Deletion
  4. Click the “Start Deletion” button to start the deletion process
    1. A pop-up will appear when you click that button. Enter the reason for deletion, which will be added to the audit logs for compliance reasons.
  5. Click “Agree

This will add the email deletion to the queue. If you want to be notified once the emails have been deleted, please select “Notify me by email after deletion is completed.”

 

Review Process

The review process provides an advanced browser-based interface for compliance officers and reviewers to review the company emails and ensure that they follow the company policies.  

 

This module allows you to review email content against a specific email search and filter criteria.  

 

Please note: BEFORE you start the review process:

  • An eDiscovery search MUST be created
  • Use the date ranges to filter emails in the eDiscovery Search you will use in the review process
    • This allows compliance officers to spend less time reviewing individual emails and more time reviewing and improving policies.  

How it works 

We use two special TAGs, “Marked for Review” and “Reviewed” for the review process.  

 

Once a user selects an email and marks it for review, we add the “Marked for Review” tag to that email.  

 

Once a user has reviewed the email, he can mark it as “Reviewed.” In this case, we will replace the “Marked for Review” tag with the ‘Reviewed’ tag. 

 

Who gets access to the Review Process? 

The account owners, admins, compliance and review officers, and reviewer roles have access to the review process.

 

How To Create A Review Process

Creating a review process means tagging emails with the “Marked for Review.”  

 

Only the account Owner, Full Admin, and compliance reviewer roles can create a review process. Review Process can be created using determined criteria in the eDiscovery saved search menu.

 

Before you create the review process, you must create an eDiscovery search and save the search by giving it a name.  

 

Please note: Make sure that the number of selected emails does not exceed 100,000 as this will significantly slow down the creation process. Use filters such as date range to reduce the number of emails in the saved search.  

  1.  Click “Compliance > eDiscovery > Saved Search Tab
  2. Select the desired saved search for Review Process, then click on the “Mark for Review” button
  3. Select "Mark for Review" again
    1. If the number of emails exceeds 100,000, you may want to edit the criteria before proceeding
  4. Once you have created the review process, you will be directed to the “Review Process” page
    1. The most recent Review Process will be added to the list with the same name as the eDiscovery Saved Search

Please note that review process preparation takes time, during which you should see a spinning icon. This spinning icon will disappear after the review process creation is completed.

 

Multiple Review Process 

Some emails might be in more than one saved search result. In this case, we will add the review tags “Marked for Review” and “Reviewed” only once.  

This tag status will change if it is changed or deleted by any user with access to the review process.

Please note that adding and deleting review tags takes significant processing time. The greater the number of emails that you want to add or delete tag, the longer it will take to perform the activity. Hence, kindly review your search criteria before adding or deleting tags. You might want to limit the search results by adding a date range to the criteria filter.

 

How to View Criteria in the Review Process 

  1. Click on “Compliance > Review Process
  2. Select desired email(s) on the list
  3. Click on the View Criteria button
  4. A pop-up, which shows the criteria, will then occur

Please note that edit criteria access is only granted to the Compliance and Review Officer and the admins.

 

How does the “View Emails” button in Review Process work?

A “View Emails” button is on the review process list page. Using this button, you can view “Marked for Review” and “Reviewed” emails on this page for a single criteria review.

 

How does the “Edit Status” button in Review Process work?

An “Edit Status” button is on the review process list page. By clicking this button, you can change the status of tags from “Marked for Review” to “Reviewed” and vice versa for all emails in the review criteria.

 

How To mark emails as “Reviewed”

  1. Click on “Compliance > Review Process
    1. This is where you will see all of the review processes

There are many ways emails can be reviewed

    1. Select the desired Review Process from the list, Click "Edit Status" and select “Mark All as Reviewed”, This will mark all emails as “Reviewed
    2.  Select the desired Review Process from the list. Click on "View Emails" > “Marked for Review
    3. You will be then directed to the "View Email" page. There is a review status column, which shows the status of an email. If an email needs to be reviewed, it will have a “Marked for Review” status.
      1. Open the email you want to review and click “Mark as Reviewed” at the bottom right corner of the page.

Only the Compliance and Review Officer can do a review process for all emails on the main menu of the review process list.

 

How to Remove Status in the Review Process 

  1. Click the “Remove Status” button on the Review Process page
  2. Remove “Marked for Review” or “Reviewed” tags from all emails in the review criteria

Alerts

How does the Alert system work? 

You can set an alert on any of your Saved Searches. You will then be notified by email once a new archived email(s) matches the search criteria set in your Saved Search.

 

How To Enable/Disable Alerts

  1. Create a search on "Compliance > eDiscovery" 
  2. Click on “Compliance > Alert
  3. You will see lists of Saved Search and ON/OFF switch toggle on each list
    1. You can directly enable/disable alerts by switching the ON/OFF toggle to enable/disable alerts one by one or just click the Enable/Disable All button to enable/disable alerts for all.

 Who will receive notification email(s)? 

The creators of the alert, which are the admins. Group Supervisor will receive notification email(s) for specified saved search alerts.  

How frequently will a notification email be received? 

An alert notification email will be sent once a day.

 

Retention Policies

What is a retention policy? 

An email retention policy is a company’s established policy for whose email records are kept and for how long. Data – including email - retention policies vary by business and can be subject to industry-specific regulation.

 

With our latest improvement, the prompt for retention is now on the main dashboard page. Once a user is detected, it prompts the addition of that user to a retention policy.  

 

There are two options: Default Retention or Custom Retention (existing retention we’ve had). 

 

The default retention prompt they see on the main page offers a quick alternative to setting up custom retention. It sets retention from 90 days to 11 years as the default domain-wide policy. Once a default policy is set, it will also display under the add account page.  

 

How do I create a Retention Policy? 

  1. If a retention is not set for an account, the dashboard will display a banner on the dashboard page informing existing users that some accounts need to be set up for retention
  2. There are two available links on the banner to choose the retention path:
    1. The "Click Here" button will redirect users to the retention policy page
    2. The "Set Retention Policy"  button will show a popup to let users set the retention directly
    3. You can set retention for domain level or customize it for account level on the retention popup
      1. If you wish to customize retention at the account level, click the "Edit Policies" button, and the system will redirect you to the Retention Policy page
      2. To set retention at the domain level, please select the retention period, check the agreement, and click the Save button
  3. The system shows a confirmation box to check, then click the Save button
  4. Once retention is successfully created, it will be shown on the Retention Policy page with the “Default Policy - ” format name.

Note: There is no Unlimited retention period while doing prompt retention. Please visit the Retention Policy page to edit and set the Unlimited retention period.

Additionally, once an item has been deleted by a retention policy, removing the policy will not allow that specific item to back up again. The only way to re-backup items deleted by a policy would be to purge the user completely and back them up from scratch.

 

Can I delete a Retention Policy? 

Go to ‘Compliance > Retention Policy’ and then click the ‘Retention Policy List’ tab. Select the policy you want to delete from the list, then click the ‘delete’ button.

 

Can I modify a Retention Policy? 

Go to ‘Compliance > Retention Policy’ and click the Retention Policy List tab.  

Select the policy you want to edit from the list, then click the ‘edit’ button. Please note that editing an existing Retention Policy will only affect emails that have not been deleted yet. 

 

How To See Which Policy Has Been Added to an Email Account

Go to ‘Compliance > Retention Policy’ and click the Retention Policy List tab. You can look over the table from the Details Column. If you want to filter selected email account(s), click the filter button on the top right corner, then select ‘Email Account.’

 

Can I add more than one policy to an Email Account? 

Yes, you can. If you have more than one policy on an Email Account, the system will automatically choose the longest one.

 

Can I get back any email deleted by the Retention Policy? 

No. The email deletion is permanent unless this email is still in the user’s mailbox and it would be backed up again in our backup system.

 

Where can I apply the retention policy? 

Retention policy can be set on email account(s), department(s), or ALL (all email accounts). If it is set on a department, it will be applied to all email accounts within the department.  

 

What is the Default Policy? 

By default, all emails will be retained forever. Hence, the default policy is “never delete”.

 

Retention periods

Retention periods are allowed from 1 year to 11 years of email receiving date.  

How is the retention period calculated? 

The retention period is calculated from the date the email was received in your mailbox and not from when the email was copied to our archive. It is applied to all existing emails and all future emails.

  • The policy is applied as soon as it is created
  • Emails would be deleted within 24 hours after their retention period is expired
  • Emails cannot be recovered once a retention policy deletes it

Example:

1-year retention policy is created today (3 June 2017)

Email receive date Retention policy period Retention policy creation date Policy expiration date
13 MAY 2012  1 YEAR TODAY TODAY
1 JUNE 2014 1 YEAR TODAY TODAY
4 JUNE 2017  1 YEAR TODAY 4 JUNE 2018
10 JUNE 2017 1 YEAR TODAY 10 JUNE 2018

 

Legal Hold

What is Legal Hold?

Legal Hold is a risk mitigation process that a company adopts to preserve all relevant data. (including emails) when litigation or investigation is reasonably anticipated

 

Where can I apply Legal Hold? 

Legal Hold can be applied to email account(s), department(s) & ALL (all email accounts). If it is set on a department, it will be applied to all email accounts in that department.  

 

What happens to the emails under legal?  

Email(s) is retained indefinitely once placed on legal hold, superseding any previously set retention policies. Any retention policy cannot delete emails in that account/department until the legal hold is switched off.

 

How to create Legal Hold 

  1. Click on “Compliance > Legal Hold” from the menu on the left side of the screen in the end-user portal
  2. You will see a page with two tabs: "Create New" and "Legal Hold List"
  3. There are two input boxes within the "Create New" tab
  4. Input the ‘"Legal Hold Name"
    1. Please note that you are unable to input a name that already exists. The maximum number of characters allowed is 35, containing only letters (a-z or A-Z) and/or numbers (0-9). No special characters are allowed except the currency symbols and underscore (“_”).
  5. Choose what you want to apply the Policy for
    1. There are three options:
      1. Email Account
        1. Input one or multiple email accounts
      2. Department
        1. Input one or multiple departments
      3. All
        1. Choose all email accounts
  6. Click "Save"
    1. The Legal Hold will be saved on the ‘Legal Hold’ list

 

Who has access to Legal Hold? 

All Admins (Full Admin, Group Supervisor & IT Admin) & Compliance Reviewer(s).

 

Audit Logging

What is the Audit Log? 

An audit trail (also called an audit log) is a security-relevant chronological set of records that provide documentary evidence of the sequence of activities or a specific operation, procedure, or event that has been affected at any time.  

 

For email Backup and Archiving, the Audit Log shows  

  • Messages & File Audit Log:
    • This shows all logs related to messages or files – for example, Download, restore, migrate, etc.
  • User Activity Log:
      • This shows all user activities, such as Adding an email account, creating a retention policy, etc.
  • System Activity Log:
    • This shows all system notifications sent. 

Who gets access to the Audit Log? 

Full Admin, Group Supervisor, and all Reviewers

 

What is an Archive ID? 

The archive ID is unique for every email to identify that message. It can be found in the view email page

  • Under subject in the search result for advanced search / eDiscovery search results
  • In the view message page
  • Audit log results under “Object Name”

 

How to use User Activity Log 

  1. Click on "Compliance"
  2. Click on "Audit Log"
  3. Select "User Activity Log"
  4. Select a Date Range – leave it blank if you do not want to specify a date range
  5. Select a specific user for whose logs you want to see - if you do not want to specify a user range, leave it blank
  6. Enter the Object Name (email account). If you want to just see that object's logs, leave it blank
  7. Click Search

How to use System Activity Log 

  1. Click on "Compliance"
  2. Click on "Audit Log"
  3. Select “System Activity Log
  4. Select a Date Range – leave it blank if you do not want to specify a date range
  5. Select a specific user for whose logs you want to see - if you do not want to specify a user range, leave it blank
  6. Click "Search"

 

How to use Messages & File Audit Log 

  1. Click on "Compliance > Audit Log"
  2. Select "Messages and File Audit Log"
  3. Select a Date Range
    1. Leave it blank if you do not want to specify a date range
  4. Select a specific user for whose logs you want to see 
    1. If you do not want to specify a user range, leave it blank
  5. Enter the Archive Message ID of the email.
    1. If you just want to see the logs for a message, leave it blank
  6. Click "Search"

 

How to download the Audit Log

  1. Once you have searched the logs, click on "Download" to download the logs
  2. You can download the Audit log file in .CSV
  3. The selected file will be generated and added to your Download list Menu by clicking the "Download" button
  4. You will be provided the download link once the file is ready
    1. Please note that the link will be expired within 24 (twenty-four) hours

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request