 |
What is MailStorSM?
MailStorSM is a managed email archiving service that provides organizations with an easy and cost-effective solution for archiving emails and attachments for regulatory compliance. MailStorSM satisfies the email retention requirements for securities brokers and dealers, registered investment advisors, hedge fund and asset managers, who must comply within the specific regulatory requirements stated in: SEC Rule 240.17a-4, SEC Rule 204-2, NASD 3010/3110, and NYSE Rules 342 and 440.
top
Is the MailStorSM server designed to be local to the client, or at the MSP's data center?
MailStorSM is a hosted solution, so nothing is required at the client’s location and there is nothing to install on client machines in order to archive email. MailStorSM servers are located at UbiStor’s secure data center and communicate with a domain’s mail servers, not the individual mail clients, to receive messages for the archive.
top
Does MailStorSM run as "Secondary" application to E-Mail so that if for some reason the MailStorSM server goes down, the client continues to have access to their e-mail?
In an Exchange environment, MailStorSM simply receives a copy off all messages via Exchange’s journaling capability. If for some reason MailStorSM goes down or the Exchange server cannot send mail to the MailStorSM servers, inbound and outbound Exchange traffic will not be interrupted.
top
Do you have to enable envelope journaling in terms of capturing email?
You can enable message journaling and MailStorSM will archive all the emails successfully however we advise enabling envelope journaling also because this insures that additional message header information will be provided as part of the email archiving process.
Per MSDN: “Envelope journaling provides a much more useful service because it records data about all recipients that a message is delivered to. One way to understand how envelope journaling works is in the context of distribution groups. Most distribution lists change, and query-based distribution lists are specifically created based on the fact that lists change. Therefore, just knowing that a message was sent to a specific distribution list is not sufficient to comply with most of the regulations mentioned earlier in this guide. To comply, you must show who actually received a particular message, regardless of whether they were on the Bcc line, or were a member of a distribution group that has since changed.”
top
You mention that the emails will come through Exchange journaling, what about other servers solutions?
For mail servers other than Microsoft Exchange, the MX record for the email domain to be archived must be redirected UbiStor MailStor. UbiStor will create copy of each message for its archive and then redirect the email traffic to the domain mail server. In this case MailStorSM receives its copy of the message before the mail server receives its copy.
top
What other email servers does MailStorSM support?
MailStorSM currently only supports MS Exchange for on-premise email servers, and with ISP hosted environments we can generally support any ISP based third-party mail server, as long as those mail servers support MX record forwarding.
top
Why should I use an email archiving service like MailStorSM versus buying my own software or hardware solution?
There are many reasons for using a managed email archiving service like MailStor:
- Cost-effective
- Easy to use
- Secure
- No end-user software
- Requires little or no IT resources to deploy and manage
For an organization to deploy a complete archival and compliance system in-house requirements would include switches, firewalls, routers, redundant application servers, backup devices, CD-R/DVD-R burners and more. On the staff side, skills in network support, security management, mail services and backup procedures would be required. Very few companies want to invest in that kind of redundancy of both staff and equipment in the fulfillment of just one service requirement. MailStor, on the other hand, allows organizations the ability to deploy and manage their email archiving solution without all the expense and expertise required for in-house email archiving systems.
top
What are the basic email requirements of SEC Rule 17a-4?
Broker and dealer emails are regulated by the SEC as “records” that are subject to retention requirements. Any documents pertaining to the “business as such” must be retained for a minimum of three years and for the first two years must be readily accessible. Records must be retained in accordance with the following conditions:
- Stored on non-rewriteable and non-erasable media
- Accuracy of recording process verified automatically
- Create searchable/duplicate indexes, stored separately
- Systematically audit the process and keep results
- Designate a third party to provide access
In other words, emails that fall into the broad category of communications relating to business include external, internal, and inter-office email as well as attachments and Instant Message (IM) traffic.
top
What about SEC Rule 204-2 for Investment Advisors, does MailStorSM meet those specific requirements for electronic communications?
Yes, Investment Advisors (IAs) are compliant for retention of all email communications under Rule 204-2, based on section (h) in Rule 204-2 that allows any “record” compliant with SEC 17a-4 to also be deemed compliant with SEC Rule 204-2.
top
How can I meet the “non-erasable, non-rewriteable” requirement in SEC 17a-4?
Electronic data that is determined "non-erasable, non-rewriteable" can be stored on what is known as "write once, read many" (WORM) media. This media can be optical- either DVD-R or CD-Rs, or non-erasable, non-rewriteable tape; or disk solutions. MailStorSM provides customers the ability to store and access email and attachments offline on DVD-Rs.
top
What are the requirements for third-party access?
Per SEC Rule 17a-4 section (f), “For every member, broker, or dealer exclusively using electronic storage media for some or all of its record preservation under this section, at least one third party ("the undersigned"), who has access to and the ability to download information from the member's, broker's, or dealer's electronic storage media to any acceptable medium under this section…" UbiStor functions as a third-party downloader (“the undersigned”), as required by SEC Rule 17a-4. Access to MailStorSM is granted individually to an Administrator or Compliance Officer with a specific user ID and password via a secure SSL-connected web-interface management console.
top
How secure is UbiStor’s data center?
UbiStor has a strong reputation and expertise in operating secure data centers for all of its storage services. UbiStor’s data centers are compliant with the American Institute of Certified Public Accountants' SAS 70 standards. SAS 70 standards require a data center's network infrastructure and processes to pass rigorous, third-party testing and demonstrate an environment with the processes and controls to effectively host and exchange corporate data and financial information for enterprise customers. Many companies, especially financial services companies, require credible proof that a service provider has processes and controls in place to provide a stable and secure network that can safely exchange private customer data; meeting SAS 70 standards helps provide that proof. Because of the standards we've adopted, UbiStor’s customers are assured greater levels of reliability, availability, and security of their data.
top
How secure are my archived emails?
UbiStor does not read, copy, distribute, tamper with, change, or otherwise interfere or observe your email and attachments. In other words, your email and attachments are encrypted and stored un-altered in our data center in both online and offline media.
top
Should we have the capability to capture and extract Instant Message sessions as well?
Many brokers/dealers and investment advisors use IM in their day-to-day business communications. IM is subject to the same rules as email per the SEC. UbiStor supports IM archiving in MailStorSM version 2.2. The same archiving, content scanning, compliance checking, and auditing capabilities are now available for both IM traffic as well as email.
top
What IM networks does MailStorSM support?
MailStorSM currently archives IM traffic from AOL, Yahoo, MSN and Bloomberg.
top
How does MailStorSM archive IM sessions when there is no IM server?
In order to archive IM sessions, the network administrator must block direct access to the IM networks and redirect IM traffic through UbiStor. UbiStor MailStorSM acts as a proxy to the IM networks and saves a copy of all IM sessions to the archive for retention, compliance validation and reporting. A document outlining the requirements is available from UbiStor Support.
top
How do you capture these IM conversations?
MailStorSM uses an IM proxy to capture and archive IM traffic. Network administrators are provided with instructions for blocking IM traffic at their firewall so that all IM traffic is redirected through MailStor. Users must then configure their IM proxy settings on their desktops to point to the UbiStor proxy server in order to send and receive IM traffic.
top
What would prevent a user from removing the MailStorSM proxy settings from their IM programs?
Nothing prevents a user from changing their desktop settings. However, the network administrator must block outbound traffic to the IM network providers to insure that the IM traffic is properly routed to MailStorSM servers for archival and compliance. As such, if the user changes their proxy settings, IM traffic will be blocked at the firewall.
top
How do I get started using UbiStor’s managed email archiving service?
Upon signing a service agreement, a UbiStor professional services representative will walk you through the set-up procedures. During your orientation, the representative will provide information about changing your MX record to point to UbiStor’s mail network, or setting up journaling on your business’ Microsoft Exchange server. After that step, there is no hardware to install and no software to configure.
top
How many users must I have to use UbiStor’s MailStorSM Service?
Although your business may enroll with any number of users there is a monthly minimum charge based on 30 mailboxes for non-hosted environments or 24 mailboxes for hosted users.
top
Do email aliases count toward my total number of users?
No. Your business’ total number of users is the number of "unique" users with a specific email address attached to a computer. We refer to these unique users as "mailboxes."
top
How much email storage capacity does each mailbox have?
Each mailbox is allowed 400MB of email and attachment storage. Additional storage charges for mailboxes exceeding the 400MB limit are applied monthly per mailbox.
top
Is there a minimum amount of monthly email traffic required?
There is no monthly minimum amount of email traffic to use MailStor.
top
How am I billed?
UbiStor bills customers monthly.
top
Is there an additional charge for archiving IM?
Yes, there is an additional charge applied for IM archiving.
top
What level of technical support is included in the MailStorSM service agreement?
The MailStorSM service comes with standard 9 X 5 support at no additional cost. Emergency 24 X 7 and Premium 24 X 7 X 365 support packages are available with additional fees.
top
|
