Active Policy Management
Encyclopedia
Active policy management is business-oriented enterprise software
that provides an approach for efficiently and effectively addressing the many risks inherent in electronic communication. With the exponential growth in the use of electronic communication, many businesses are exposed to significant risks every day. These risks range from non-compliance with various regulations, to the leakage of intellectual property
, and to inappropriate or offensive employee behavior. Active Policy Management enables a business to accurately detect the violations, to take the appropriate action (even blocking the message from being sent), and to quickly find and review the violation in order to address the situation, preventing further damage.
There are many channels of electronic communication including e-mail
, Web-based e-mail, instant messaging
, messages sent from a Bloomberg terminal
, mobile e-mail sent from a handheld device such as a BlackBerry
, general use of a web browser
, ftp, file copying (eg memory sticks) and many others.
Policy can only be effective at identifying violations if it can understand the true intent of a message. Policies based only on a list of words or a lexicon
generally cannot perform this task.
For any APM solution to be effective, it must have a proven technology to define and deploy accurate policy. And by “proven”, an interested party should inquire as to a particular solution’s successful installation at one or more customers.
Real-Time Prevention can detect violations in electronic communication before a message has been sent (and before it has been delivered to an intended recipient). By doing this, a violation is prevented from having occurred. And, in the case where archive software is used, a message that has not been sent will not be ingested by an archive or be retrievable at a later date.
Intelligent Review can detect violations in electronic communication after a message has been sent. Intelligent Review also creates extremely targeted queues of messages that have a high likelihood of having violated an important corporate or regulatory policy. A reviewer or supervisor can easily access these relevant messages in order to thoroughly audit them. An audit can include flagging, exporting, approving, rejecting, and escalating a message.
Smart Tagging analyzes messages and assigns them to one or more categories. This categorization can be used for selective message archiving, to retain messages based on their content, and to enhance message retrieval for investigative purposes.
have a very strong need for APM. Industries where companies have many of their intellectual property
assets in digital form would benefit from protecting those assets with APM. Other industries that would benefit from using APM include those where companies are concerned with corporate behavior and governance and those that use archive
software to store messages for long periods of time, often for at least 3 years.
Enterprise software
Enterprise software, also known as enterprise application software , is software used in organizations, such as in a business or government, contrary to software chosen by individuals...
that provides an approach for efficiently and effectively addressing the many risks inherent in electronic communication. With the exponential growth in the use of electronic communication, many businesses are exposed to significant risks every day. These risks range from non-compliance with various regulations, to the leakage of intellectual property
Intellectual property
Intellectual property is a term referring to a number of distinct types of creations of the mind for which a set of exclusive rights are recognized—and the corresponding fields of law...
, and to inappropriate or offensive employee behavior. Active Policy Management enables a business to accurately detect the violations, to take the appropriate action (even blocking the message from being sent), and to quickly find and review the violation in order to address the situation, preventing further damage.
There are many channels of electronic communication including e-mail
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
, Web-based e-mail, instant messaging
Instant messaging
Instant Messaging is a form of real-time direct text-based chatting communication in push mode between two or more people using personal computers or other devices, along with shared clients. The user's text is conveyed over a network, such as the Internet...
, messages sent from a Bloomberg terminal
Bloomberg Terminal
The Bloomberg Terminal is a computer system provided by Bloomberg L.P. that enables financial professionals to access the Bloomberg Professional service through which users can monitor and analyze real-time financial market data movements and place trades on the electronic trading platform...
, mobile e-mail sent from a handheld device such as a BlackBerry
BlackBerry
BlackBerry is a line of mobile email and smartphone devices developed and designed by Canadian company Research In Motion since 1999.BlackBerry devices are smartphones, designed to function as personal digital assistants, portable media players, internet browsers, gaming devices, and much more...
, general use of a web browser
Web browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...
, ftp, file copying (eg memory sticks) and many others.
Electronic communication policy
The key to effective detection of violations in electronic communication is policy. Policy for electronic communication defines who can send what to whom, and, if a violation is detected, what action to take. A policy is designed to address a specific issue or risk. Examples include:- Certain reports cannot be sent externally without a proper disclaimer being present
- Certain employees cannot communicate about a business matter with other employees
- Documents intended for internal use only must not be sent to a recipient who is not a company employee
Policy can only be effective at identifying violations if it can understand the true intent of a message. Policies based only on a list of words or a lexicon
Lexicon
In linguistics, the lexicon of a language is its vocabulary, including its words and expressions. A lexicon is also a synonym of the word thesaurus. More formally, it is a language's inventory of lexemes. Coined in English 1603, the word "lexicon" derives from the Greek "λεξικόν" , neut...
generally cannot perform this task.
For any APM solution to be effective, it must have a proven technology to define and deploy accurate policy. And by “proven”, an interested party should inquire as to a particular solution’s successful installation at one or more customers.
Application areas
APM has three primary application areas. Real-Time Prevention, Intelligent Review, and Smart Tagging.Real-Time Prevention can detect violations in electronic communication before a message has been sent (and before it has been delivered to an intended recipient). By doing this, a violation is prevented from having occurred. And, in the case where archive software is used, a message that has not been sent will not be ingested by an archive or be retrievable at a later date.
Intelligent Review can detect violations in electronic communication after a message has been sent. Intelligent Review also creates extremely targeted queues of messages that have a high likelihood of having violated an important corporate or regulatory policy. A reviewer or supervisor can easily access these relevant messages in order to thoroughly audit them. An audit can include flagging, exporting, approving, rejecting, and escalating a message.
Smart Tagging analyzes messages and assigns them to one or more categories. This categorization can be used for selective message archiving, to retain messages based on their content, and to enhance message retrieval for investigative purposes.
Industry Relevance
Virtually all businesses use electronic communication and are exposed to the inherent risks therein. Certain businesses are exposed to more risks than others. Heavily regulated industries such as financial servicesFinancial services
Financial services refer to services provided by the finance industry. The finance industry encompasses a broad range of organizations that deal with the management of money. Among these organizations are credit unions, banks, credit card companies, insurance companies, consumer finance companies,...
have a very strong need for APM. Industries where companies have many of their intellectual property
Intellectual property
Intellectual property is a term referring to a number of distinct types of creations of the mind for which a set of exclusive rights are recognized—and the corresponding fields of law...
assets in digital form would benefit from protecting those assets with APM. Other industries that would benefit from using APM include those where companies are concerned with corporate behavior and governance and those that use archive
Archive
An archive is a collection of historical records, or the physical place they are located. Archives contain primary source documents that have accumulated over the course of an individual or organization's lifetime, and are kept to show the function of an organization...
software to store messages for long periods of time, often for at least 3 years.
See also
- Enterprise softwareEnterprise softwareEnterprise software, also known as enterprise application software , is software used in organizations, such as in a business or government, contrary to software chosen by individuals...
- Regulatory complianceRegulatory complianceIn general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and...
- E-mailE-mailElectronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
- SECUnited States Securities and Exchange CommissionThe U.S. Securities and Exchange Commission is a federal agency which holds primary responsibility for enforcing the federal securities laws and regulating the securities industry, the nation's stock and options exchanges, and other electronic securities markets in the United States...
- Financial Industry Regulatory AuthorityFinancial Industry Regulatory AuthorityIn the United States, the Financial Industry Regulatory Authority, Inc., or FINRA, is a private corporation that acts as a self-regulatory organization . FINRA is the successor to the National Association of Securities Dealers, Inc. ...
- NYSE
- Intellectual propertyIntellectual propertyIntellectual property is a term referring to a number of distinct types of creations of the mind for which a set of exclusive rights are recognized—and the corresponding fields of law...
- ArchiveArchiveAn archive is a collection of historical records, or the physical place they are located. Archives contain primary source documents that have accumulated over the course of an individual or organization's lifetime, and are kept to show the function of an organization...