The Journaling function in “on premise” Microsoft Exchange email systems was originally developed back in the late 1990s for financial services organizations to meet SEC requirements. The main requirement consisted of capturing broker/dealer communications (emails) immediately, ensuring those emails could not have been altered or deleted before they were stored on immutable storage (WORM) per SEC 17 a-3 and a- 4 requirements. The SEC wanted to ensure that broker/dealer communications were available to review in an unaltered state if complaints were later filed against the financial services organization or individual broker/dealers. In fact, other companies adopted journaling for various reasons, mostly when under litigation hold to ensure target custodian email was captured and held thereby avoiding spoliation charges. However, the financial services industry was the only industry to really require it via government regulation.
The cloud is an obvious candidate for storing vast amounts of email, files and other forms of unstructured data for compliance. Organizations in highly regulated industries such as financial services, healthcare, government, and energy are very familiar with the regulatory rules that require secure retention of electronically stored information (ESI). However, before you proceed it’s a good idea to carefully review some of the basic requirements for compliance archiving in the cloud.