Creating an Email Data Protection policy - process overview
A policy comprises rules, actions, and notifications. A rule includes the conditions that must be satisfied before the policy is triggered and an Email Data Protection incident occurs. An action is the action to take when an incident occurs. A notification is an email that can be sent to the administrator, the sender, and the recipient, when an incident occurs.
You can create a policy based on a predefined template. When you base your policy on a template, you can add, remove, and amend rules, as required. A template includes suggested notifications and actions, but you should review these settings to ensure that they meet your requirements.
The service enables you to create highly flexible policies. You can combine multiple conditions in a rule and multiple rules in a policy. You can have multiple polices. Note that the system does not check that the policies you create are logical. You can enter combinations of conditions and rules that contradict each other and are ineffective. We recommend that you analyze your requirements carefully before creating your policies. You should also test your policies to ensure that they deliver the results you expect.
You can create policies at global and domain level. The policies that are defined at global level can be applied to an individual domain by copying the policy to the domain. Similarly, a policy that is defined for a domain can be copied to global level.
The following table provides an overview of the procedure for creating a policy:
Table: Steps for creating an Email Data Protection policy
Select Services > Data Protection > Email Policies.
Much of the logic that you include in a policy consists of lists of keywords, regular expressions, URLs and so on. You compare the content of an email with the items in a list. Ensure that you have all the lists that you require before you start to create your policies.
Click New policy or New policy from template.
When you create a new policy from scratch, you add the conditions, notifications, and actions that you require.
When you create a new policy from a template, you base the policy on a predefined set of conditions. You can then amend the conditions and add notifications and actions, to suit your requirements.
Provide a Name and Description for the policy.
We recommend that you provide meaningful names for the policies that you create. The policy names appear in reports and in the key statistics that you can choose to display on the Dashboard for the Email Data Protection service. Also, when a policy is triggered the name can be included in the notification email that is sent to an administrator. Avoid unacceptable language in a policy name.
Choose to apply the policy to inbound email, outbound email, or to both inbound and outbound email.
Note that some actions only apply to inbound email, for example the Tag Subject action.
Select an option from the Action drop-down list and review or change the setting of the Exit check box.
Choose the action to take when the content of an email triggers a policy. For example, with the Block and Delete action, a suspicious email is prevented from being delivered to the recipient and is removed.
Decide on your use of notifications for the policy.
A notification is the email that is sent to an administrator, sender, or recipient when the content of an email triggers a policy. You can decide the default notification settings to apply to your policies, at global and domain level. You can also choose specific notifications at policy level.
The rule name defaults to Rule 1, Rule 2 and so on.
We recommend that you replace these defaults with meaningful names, as a reminder of the function of the rule.
Select a condition from the Add a condition drop-down list.
Complete any additional information for the condition. For example, for a Content Keyword List condition, you can specify the minimum number of keywords that must appear in the content to satisfy the condition.
Choose the required setting for the Execute if drop-down list, if your rule requires further conditions.
This setting applies to the conditions in the rule. Choose from the following options:
All conditions are met
The rule is triggered if all conditions in the rule are satisfied.
Any conditions are met
The rule is triggered if one or more of the conditions in the rule are satisfied.
Click Add Rule
A rule must contain at least one condition.
Add more rules to the policy as required.
A policy can contain multiple rules.
The system does not check that the policies you create are logical. You can enter combinations of conditions and rules that contradict each other and are ineffective. Ensure that you test your policies before you implement the service for your users.
Select an option from the Execute if drop-down list.
This setting applies to the rules in the policy. Choose from the following options:
All rules are met
The policy is triggered if all the rules in the policy are satisfied.
Any rules are met
The policy is triggered if one or more of the rules in the policy are satisfied.
Click Save to save the policy.
When you save a new policy, it is inactive. Until you activate the policy it is not used to check email content.
Review the rules and conditions in the policy
Click on the policy to open it and review the rules that you have created. The Policy Summary section displays the rules and conditions that you have added to the policy.
Check that the policy appears in the right place in your policy list.
An email is checked against the active policies in your policy list, in the order in which they appear in the Email Policies tab.