This guide provides an overview of the Compliance Protect functionality available from the administration console.
Compliance Protect enables a "minimum retention" setting on your account. Customers who are bound to regulatory compliance requirements (e.g. SEC 17a-4) have a mandated obligation to retain information for a predefined minimum period (e.g. seven years) in an immutable, unalterable state. Compliance Protect renders the customer's archive immutable and disables the ability to create any new policies or adjustments on the Mimecast archive.
Financial services organizations regulated by agencies such as the SEC, FINRA, FCA, and the CFTC are required to adhere to specific rules and regulations covering many aspects of their business, with record keeping / data retention being some of the most important. These rules identify records that must be stored electronically and imposes requirements regarding the preservation, accessibility, and retention periods of all such records. Compliance Protect helps these customers meet these rule requirements.
- Retention Adjustments
- Content Examination policies
- Content Preservation policies and definitions
- Content Metadata policies and definitions
- Managed Folders
- Customers that require a filing with a regulatory body such as the SEC must have an archive to match the regulation such as SEC 17a-4.
All customers who require filings with the SEC will receive a letter from Mimecast confirming they're compliant as long as the point above is met and Compliance Protect is enabled.
To use Compliance Protect:
- You must have an archive to match the regulation you adhere to such as 2190 days (6 years).
- You must be archiving or retaining email for at least 58 days if you do not adhere to a regulatory body.
- Legacy messages in your user mailboxes (e.g. those sent / received prior to archiving with us) must be archived with us.
- You must disable all policies, definitions, tasks, and stop any retention adjustments which contain a day value lower than your required minimum retention setting before enabling Compliance Protect.
Once Compliance Protect has been enabled, the minimum retention setting cannot be lowered.
Using Compliance Protect
If there are any of the following policies, definitions, or tasks that are below the minimum retention setting, they must be disabled before enabling the Compliance Protect product.
If you're ready to enable the Compliance Protect, make sure you have spoken with our Support Team to ensure that you have configured the correct minimum retention value. To use Compliance Protect:
- Ensure you have stopped any retention adjustments with a day value lower than your required minimum retention setting.
- Disable all policies, definitions, and tasks that contain a day value lower than your minimum retention setting
- Service Delivery will enable Compliance Protect with the appropriate minimum retention setting.
- Follow the steps mentioned in the Validating Your Minimum Retention Setting article.