MCO eComms Compliance has several core entities that are used to manage communications compliance. This article describes those entities and how they are related.
Alerts
Applies to: Review
When communications risk is detected an alert is generated and displayed within the Inbox. Alerts describe the terms that were detected and include a reference to the triggering message.
For alerts based on emails, there will only be a single message referenced in it. For alerts triggered by Instant Messages, Meeting Transcripts, or Call Transcripts there may be the triggering message and one or more additional context messages displayed in the alert details.
Alerts are triggered based on either the Account level detection policies or a single Group level detection policy. As such, every alert is associated with a single group or no group at all.
See also:
Messages
Applies to: Keep, Review
Every communication is archived within the solution is described as a message. A message may represent a single email, instant message, or utterance in the transcript of a meeting or call recording.
Messages are sometimes associated together into a thread, such that when viewing the message details within the archive the display will automatically group together all other messages from that same thread for easy review of conversational context.
When accessing and viewing messages within the archive, sometimes they will contain a mix of text, media, and related attachments.
Messages stored in the archive are the result of processing and de-duplicating source file communications data and, therefore, may be related to multiple source files.
When processed, participants to the communication are identified and, is matching Users in the application, they become mapped. Therefore, a single message may have 1 to many Users associated with it. Since each User may be associated with zero to many Groups, zero to many Groups may also be associated with each message at the time of initial processing.
After being processing for storage in the archive, relevant detection policies to the participating Users are run on the messages. Since zero to many Groups, each with their own detection policies may be associated to the message, multiple alerts can potentially be associated to a single message.
Case Studies
Applies to: Guide
References to information news events or other stories relevant to support the training on specific communications risk policies. These are displayed with the desktop notifications produced as part of Guide detection.
Case Studies may be written once and associated with an unlimited number of Policies and Lexicons.
Collections
Applies to: Keep
To support eDiscovery processes, Collections are used to assemble one to many messages, of any source, from the archive. Exporting collections will package all message content into a convenient zip archive for download.
Multiple downloads may be associated with a collection.
Groups
Applies to: Keep, Review, Guide
Groups are used to collect multiple Users that may have common risk management needs. Users may exist in multiple Groups.
Groups may also have designated Supervisors who have purview over the employees and their communications that are members of it. Group Supervisors may be one or more Users.
Ignored Senders
Applies to: Review
Communications detection policies can produce false positives by identifying risk against messages that are not interesting from a compliance management perspective.
Sometimes, all messages from specifically named senders, such as those sending newsletters or system notifications, can be identified for exclusion from all detection processes. Such sender email addresses can be added to this list to dramatically reduce false positives from this source of noise.
See also:
Ignored Text
Applies to: Review
Communications detection policies can produce false positives by identifying risk against messages that are not interesting from a compliance management perspective.
Sometimes, legal disclaimer and other boilerplate text can generate noise by triggering alerts on language that might otherwise be interesting for compliance to review. For this type of language, phrases can be added to this list that should be ignored by the detection processes - while still evaluating the rest of these messages for risk.
Lexicons
Applies to: Review, Guide
A list of Terms that have some common theme to make organizing and applying them easier for detection policies.
For Guide training notifications, Lexicons may have a single Case Study and Training associated.
Each Lexicon may be associated with one or more Policies in order to be active. If the Lexicon is not associated with any Policy it cannot be made active.
See also:
Policies
Applies to: Review, Guide
A superset of rules following a overarching theme that allows for easy administration. Policies are comprised of one to many Lexicons. They also inherit all of the Terms associated with their included Lexicons. For each included Lexicon and Term of the Policy the administrator has the ability to disable or enable subsets of these rules.
A Policy has from zero to many Lexicons. It is also either applied to the monitored employees as a Default Account Policy or it is applied only to specifically named Groups of users.
For Guide training notifications, Policies may have a single Case Study and Training associated that acts as default settings should included Lexicons not have overriding Case Study or Training content defined.
Source Files (aka Raw Files)
Applies to: Keep, Review
Communications data is received in a variety of source files as individual messages or within batch files. Whether individual or batch, there may be additional supporting files such as attachments and extended metadata that accompany the communications. All of this data is collectively considered source files, sometimes referred to as raw files or raw data.
Source files are parsed by the system to identify type and store in a consistent for that can be subsequently processed for archival and detection purposes. Once parsed, it is stored in it original ("raw") format for the duration of the application retention period.
Some source files contain a periodic batch of communications data. Therefore, a single batch source file may yield many thousands of individual messages in the archive. For data retention these batch source files are always retained based on the longest applicable retention to any message derived from it.
Both batch source files and individual message source files may also be determined to be duplicates. Some systems send redundant data by design, email journaling systems will sometimes send duplicate data if multiple participants have journaling rules applied, and some batches may simply contain overlapping message data. For these reasons, it is important to understand that the system may have multiple source files that end up resulting in a single archived message. All of these redundant message sources are retained until the related archived message is subject to purging it.
Terms
Applies to: Review, Guide
A detection rule described by text or phrase matching pattern. Each term may be associated with one to many Lexicons. Terms are the core of the risk detection policies and there may be large numbers of them active in some accounts.
See also:
Training
Applies to: Review, Guide
References or specific brief case study content associated with specific communications risk policies. These are displayed with the desktop notifications produced as part of Guide detection.
Trainings may be written once and associated with an unlimited number of Policies and Lexicons.
Users
Applies to: Keep, Review, Guide
Named employees that covered by communications compliance policies and the compliance users that performance the supervision in the application. Each user has a role defined that defines if they are a user with login privileges to the application of if they are solely there oversie of their mapped communications.
Users may be placed in zero to many Groups to simplify administration of detection and other related compliance policies.
Users, identified with the Supervisor role, may also be associated with one or more Groups as its designated Supervisor.
See also: