Compliance Protect

Document created by user.bx3iB36ab3 Employee on Apr 9, 2019Last modified by user.oxriBaJeN4 on Sep 16, 2019
Version 7Show Document
  • View in full screen mode

This guide provides an overview of the Compliance Protect functionality available from the administration console.

Compliance Protect offers a minimum retention option based on a day value for the Mimecast archive. You can learn more about starting this process within Minimum Retention Settings: Technical Concepts.



Compliance Protect enables a "minimum retention" setting on your account. Customers who are bound to regulatory compliance requirements (e.g. SEC 17a-4) have a mandated obligation to retain information for a predefined minimum period (e.g. seven years) in an immutable, unalterable state. Compliance Protect renders the customer's archive immutable and disables the ability to create any new policies or adjustments on the Mimecast archive.


Financial services organizations regulated by agencies such as the SEC, FINRA, FCA, and the CFTC are required to adhere to specific rules and regulations covering many aspects of their business, with record keeping / data retention being some of the most important. These rules identify records that must be stored electronically and imposes requirements regarding the preservation, accessibility, and retention periods of all such records. Compliance Protect helps these customers meet these rule requirements.


Minimum Retention SettingOnce configured, Compliance Protect renders the archive immutable and disables all deletion capabilities including the following:

  • Retention Adjustments
  • Content Examination policies
  • Content Preservation policies and definitions
  • Content Metadata policies and definitions
  • Managed Folders
Whilst Compliance Protect does render the archive immutable and disables all deletion capabilities, this is only for policies, definitions, tasks, and adjustments that contain a day value lower than the Minimum Retention Setting you choose.



  • Customers that require a filing with a regulatory body such as the SEC must have an archive to match the regulation such as SEC 17a-4.
  • All customers who require filings with the SEC will receive a letter from Mimecast confirming they're compliant as long as the point above is met and Compliance Protect is enabled.

Speak to us if you have not yet ingested legacy data that may be within your required minimum retention setting.



To use Compliance Protect:

  • You must have an archive to match the regulation you adhere to such as 2190 days (6 years).
  • You must be archiving or retaining email for at least 58 days if you do not adhere to a regulatory body.
  • Legacy messages in your user mailboxes (e.g. those sent / received prior to archiving with us) must be archived with us.
  • You must disable all policies, definitions, tasks, and stop any retention adjustments which contain a day value lower than your required minimum retention setting before enabling Compliance Protect.

Once Compliance Protect has been enabled, the minimum retention setting cannot be lowered.

Using Compliance Protect

If there are any of the following policies, definitions, or tasks that are below the minimum retention setting, they must be disabled before enabling the Compliance Protect product.

If you're ready to enable the Compliance Protect, make sure you have spoken with our Support Team to ensure that you have configured the correct minimum retention value. To use Compliance Protect:

  1. Ensure you have stopped any retention adjustments with a day value lower than your required minimum retention setting.
  2. Disable all policies, definitions, and tasks that contain a day value lower than your minimum retention setting
  3. Service Delivery will enable Compliance Protect with the appropriate minimum retention setting.
  4.  Follow the steps mentioned in the Validating Your Minimum Retention Setting article. 


See Also...