June 6, 2013

Creating a "Confidential" policy in your organisation

Some organizations have an "Confidential" policy. This can mean that for any document intended for internal use with the words "confidential" or other nominated verbiage such as "Internal Use Only", "Company Distribution Only" can be stopped at the Hub transport level from reaching any external recipients.

The concept is to set up a transport rule to delete anything with the terminology found in the body of the text or attachment. There is a way to by pass this for the occasional exception. We will cover that at the end.

1: Open Exchange Management Console 2010
2: Drill down to Organization Configuration> Hub Transport> Transport Rules (tab)

3:Click on "New transport Rule" in the right hand navigation pane.
4: A wizard will open up.
5: At the introduction screen, type in the name of your rule eg: For Company use only.  Click the Enable rule check box if not already selected.
Then click Next.

6:  At the next screen, click on the box "Sent to users that are inside or outside the organization,or partners. Click Next.

 7: The next screen will allow you to put in all the phrases that you want blocked within your organisation.
Examples include "Company Use Only", "Confidential", "Internal Use only"
When finished with your list, click OK then Next.
8: The next screen is defining the conditions. Select the box "Sent to users that are inside or outside the organization, or partners" if not already selected. Click Next.
9: At the next screen select the check box "Send Rejection message to sender with enhanced status code". This will ensure that users who have breached the confidential rule will be aware that their email did not reach the intended recipient. This will allow them eot correct the issue or ask to bypass the rule (this can be done by creating an exception rule at the end and creating a distribution list as the exception. You can add "exception" individuals in this group).
Click Next.

10: Optional. If you wish to create a bypass list for the "confidentiality rule" you can do so by creating a distribution list and adding it as an exception. This is not recommended practise as this becomes a time consuming task managing a list of users who do not wish to comply with the companies confidentiality policy., Click Next.
11: At the next screen, review the rule you have created and click ok to create the rule.

12: At the next screen click finish.