Managing Director, FTI Consulting
With increasing adoption of Microsoft 365 (O365), analysts have indicated the migration process has arisen as an acute pain point from an information governance and e-discovery perspective. FTI Technology’s Information Governance & Compliance (IG&C) Services team has built out a suite of offerings to help organizations navigate their cloud migration compliantly and efficiently. In addition to working with outside experts to troubleshoot and reduce risks, there are a handful of important considerations corporate IT, legal and compliance teams should address before making the move to the cloud.
I recently co-authored an article with Alain Pelluch, Data Privacy Manager at Novartis International AG, discussing these considerations and offering tips for mitigating cloud migrations. The article appeared in Computer Business Review, and covered the following points:
Many organizations have existing email archive solutions that may be on-premise or hosted by a third party. To be done right, teams should take a complete inventory of preservation obligations and regulatory requirements on email stores to inform retention and deletion criteria during pre-migration cleanup.
Some industries have regulatory requirements to retain an immutable copy of all emails for certain types of communication, or specific users, in a secure archive that is separate from the end user's access. The migration process should involve the company’s internal journal archive manager or the responsible third party, to fully understand compliance needs.
O365 offers controls to ensure deletion after the retention period expires, it does not ensure that messages are actually kept for the specified period. It is important to align the varying retention periods across different types of O365 content to avoid a resulting legacy data problem.
Many global corporations maintain separate email archives or other data repositories by country or region to maintain compliance with jurisdictional regulations. There are also limitations on searching data across geographies, making the involvement of legal and technical teams that understand these nuances imperative when designing cloud architecture.
Each company takes a different approach when it comes to their preservation and collection processes, so understanding the capabilities and constraints within O365, and working strategically with them will help save time and cost.
Read the full article, and detailed advice on the above points at Computer Business Review Online, available here.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.