Hi,
It mostly depend on your company rule, but a good one is to say that you need same level of security as network equipemnt which manage span port.
Just be sure that access to server is secure, as in case of technical issue network monitor may store a copy of emails in plain text format on your server.
Regards