Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

EV Compliance Accelerator questions

Created: 05 Aug 2013 • Updated: 08 Aug 2013 | 3 comments
This issue has been solved. See solution.

Hi All,

 Hoping someone here can shed some insight on a couple items our compliance department want cleared up.

a.      Delete the large test pool of open items on our enterprise vault?
b.      Can we flag or whitelist addresses? 
c.      Can less than one percent be sampled?
d.      How can I view the reports/activity as a user?
 

On point a. we deployed CA earlier this year anticipating an SEC filing shortly there after, it was delayed and is now going to take place finally. The CCO would like to not have to bulk mark 50K+ items that have accumulated since they weren't operating in a production capacity with the product and wants to know if there is a way to clear all of this out. They would like to see if we can flush the random sampling hits and test searches to start from scratch while leaving the sampling configuration in place against the departments that have ben previously configured.

Point b. I think I have the answer and that should be the ability to set a dash infront of an entry in the hotword / keyword parameters for the sampling IE: -donotreply@delta.com to skip anything with that address in the journaled mail content correct?

Point c. they have the sampling rate set to 1% right now and feel that is still too much of a percentage as they will be monitoring 200 users for compliance with CA. Idealy they would like to be able to set it around .25-50% for now.

Point d. is related to configuring CA reports that would be like a report template that any CA user would be able to see and run at any time. What we've come across is that a report created by the CCO can't be seen by another user that would be a compliance reviewer.

Any assistance would be appreciated! =)

Thanks,

Nick M.

Operating Systems:

Comments 3 CommentsJump to latest comment

Kenneth Adams's picture

Hello, Nick;

In answer to your questions:

a. We do not support any means of deleting accepted sampling or searching hits that have been accepted into a Department review set other than deleting the Department.  To go in and manually hack the database to remove those items invalidates the entire Department.  It is best to note the Department's sampling percentages, Monitored Employees, Reviewers, Escalation Reviewers, Exception Employees, and any scheduled searches, then delete the Department and recreate it.  It may be quicker to stand up a new CA Customer and create new Departments.  The decision to rebuild your existing CA Customer or create a new one (then delete the original) is yours to make.

b. If you are using Random Sampling, you cannot white-list or -black-list e-mail addresses or domains through CA as Random Sampling takes ALL messages that are journal archived.  You have 2 other options, though.  One option is to create a Custom Filter to have such messages archived into a different archive than the journal archive or deleted all together before archiving.  The other option is to use ACE if on EV 9.0 or DCS if on EV 10.  ACE and DCS have rules that can be configured to apply a tag to include or exclude messages based on certain criteria that you can specify (such as SMTP addresses, words or phrases).  Using ACE or DCS allows those items to be journal archived, yet forcibly included or excluded from sampling.  They can still be included in searches if desired, though.

c. We do allow for fractional percentages, but you may be better serviced by using Statistical Sampling where you can cap the number of items included by Random Sampling.  Searches would not be affected by this type of sampling, so you can still get whatever hits you can from searching.

d. If you have your CA Reporting configured on a SQL Reporting Service that has a Reporting Account used instead of the Vault Service Account, your users could access the reports by accessing the ReportServer site using Internet Explorer.  CA is designed to allow each user with the proper permission (View Reports) to create and see their own reports, but it soes not allow other users with the proper permission to see other users' reports.  The CA Customer database has a table named tblPermission that lists all possbile permissions within CA.  From this table, we see the "View Reports" permission has the following description:

"Lets you create and view reports.  As the scope of reports may be wider than just the department  employees with this permission in a department can only view their own reports."

I hope this information help.  Let us know if you have any additional questions or need any explanation to the information I've provided.

Ken Adams

Backline Support for CA, DA, ACE, UCE, PSTD, ARMS, EVDC
US Support Region

SOLUTION
EV_Ajay's picture

Hi Ken,

Thanks for explanation.

Thanks,

Ajay

EV_Ajay's picture

Hi,

Do you have any updates on this thread? Do you need more assistance regarding this topic? Please mark the post that best solves your problem as the answer to this thread.

Thanks,

Ajay