Proofpoint Enterprise Archive: Supervision Review

Proofpoint Enterprise Archive provides automated capture of all your internal and external electronic communications, allowing for real-time access to archived email data for compliance, legal discovery and end user productivity. The below questions and answers explain more on Proofpoint's supervision review process that allows for the systematic review of email sent by employees:

» What is Proofpoint supervision review?

Proofpoint supervision review is a process that allows for the systematic review of email sent by employees. There are three main components to the email supervision archiving review solution:

Proofpoint’s policy engine allows customers to define what is considered acceptable use and which email messages, including randomly sampled items, should be added to the supervision review queue.
The email supervision archiving review queue contains a list of messages that have been identified as requiring review, with pointers to the actual messages in the archive. Messages in the queue include acceptable use policy violations as well as messages chosen for random sampling. The email archiving review queue also includes information about issues and processing of messages.
Proofpoint reports provides summarized information in graphical format to help identify the source (who) and the nature (what) of inappropriate activity.

» How are acceptable use policies defined?

Within the Proofpoint Enterprise Archive user interface, customers can define an unlimited number of acceptable use policies, along with the rules used to automatically detect violations of that policy. These rules can consider the person that sent the message, the content in the message (including any attachments), date ranges and whether the communication was internal or external. To avoid false positives, customers can also specify the text of the company's standard disclaimer which the system will ignore when looking for acceptable use policy violations.

» How are email messages selected for supervision review?

Messages are automatically selected for supervision review if they violate a policy. In addition, organizations can enable random sampling of email archiving reviews to help an organization identify problems that would otherwise be missed. This can be an important step in helping to continually improve the corporate messaging policy.

» Can I specify how many messages are selected for random email archiving review sampling?

Yes. Proofpoint allows customers to specify the percentage of each user's email that should be sent to the supervision review queue. Additionally, the email archiving review system allows customers to set limits on the number of email messages that are randomly selected. These caps can be set for each user or for the company as a whole.

» Can I define different sampling rates for different groups of users?

Yes. Random sampling options can be defined for everyone in a given role (job function) or department (organization unit) or on an individual person basis.

» What email archiving review workflow scenarios are supported?

Central Review Team Scenario
In this scenario, one or more people are responsible for reviewing all email messages that are added to the supervision review queue, regardless of who sent the message, or what potential violations have been identified. These reviewers can pass or fail messages.
Department Manager Review Scenario
In this scenario, a manager is responsible for reviewing all email messages that are added to the email supervision review queue that were sent by one of their direct reports, regardless of what potential violations have been identified. These reviewers can pass or fail messages.
Violation Expert Review Scenario
In this scenario, an expert for a given violation (such as human resources for violations of a harassment policy or compliance for insider trading) is responsible for reviewing all email messages that are identified as a potential violation of the appropriate policy. They can pass or fail messages. In this scenario random sampling is not enabled.
Multi-tiered Escalation Review Scenario
In this scenario, either a central review team or a department manager is responsible for reviewing email messages that were randomly sampled. They can pass the email message indicating that there are no violations. If they identify a potential violation, the message gets escalated to an appropriate expert for that violation. Only an expert for that violation can pass or fail the message once it has been identified and escalated.

» How do I define who reviews whose mail?

Reviewers can be assigned to review all mail for all users, all users within one or more Active Directory groups, or a specific list of users. Furthermore, a list of exceptions can be provided, allowing for easy configuration of "everyone except X" scenarios. To support "violation expert" review or "multi-tier escalation" review scenarios, each reviewer can be assigned as an expert on certain issues for some or all users. For example, the HR admin can review all instances of profanity, except those in messages sent by an executive (which the head of HR reviews).

» Can multiple reviewers be assigned to review the same people’s mail?

Yes. When a message is presented to a reviewer for evaluation, it is locked for 60 minutes, which prevents other reviewers from looking at the same email message. In this way, even if multiple reviewers with the same privileges are reviewing messages at the same time, each message is only reviewed once.

» Who can fail a message?

Any reviewer can mark a message as a potential violation of any policy, but only reviewers that are an expert for that policy can fail the email message. A message is failed when one of the potential violations is confirmed by an expert. In the central review team and departmental manager scenarios, reviewers are experts on all policies, and therefore can fail messages simply by selecting which violations exist in the message. In the violation expert or multi-tiered escalation scenarios, marking a message as having a violation results in the message being escalated for further review by an appropriate expert (unless the reviewer happens to also be an expert for the selected violation).

» What happens if a message is identified as a potential violation of multiple policies?

Proofpoint allows you to define the ranking of acceptable use policies, from most to least severe. Based upon this ranking, if a message is flagged as potentially violating multiple review policies, the message goes to the reviewer for the most severe policy. If they confirm that the message violates that policy, the message fails. If they clear all of the violations for which they are an expert, but other potential violations had been identified (or if they flag some additional violations), the message gets escalated to a reviewer that is an expert for the most severe policy that the message is flagged for.

» How can I track resolution of issues identified?

At any time in the review process, a reviewer that has access to a message can add comments. This allows customers to track steps taken to address messages identified as a violation of one of your policies. Once the resolution steps are completed, customers can change a message from "failed" to "closed" to help you distinguish resolved issues from those that require further action.

» Can I monitor if reviewers are falling behind?

Yes. The email supervision review screen shows real-time updates of how many messages are available in the review queue for each reviewer, and includes a breakdown of how old they are. It also shows how many messages were reviewed today. Customers can track whether reviewers are performing their review tasks in a timely way.