MessageGate Uncovers Urgent Need For Stronger Email Controls For FERC Order 717 Compliance

MessageGate, Inc., a leader in enterprise email controls for corporate risk management, today unveiled market insights that reveal regulated energy and gas entities lack the necessary email enforcement methods required to meet increased regulation by the Federal Energy Regulatory Commission (FERC).

FERC Order 717, the most recent FERC regulation, requires organizations to manage and prevent communications between marketing function employees and marketing affiliates. Recent research collected during customer email compliance audits through the MessageGate Activity Profile (MAP) service indicate organizations in the energy industry have successfully formed ethical walls between different employee groups yet lack the policy-specific email controls to centrally manage email exchanges, especially between shared functions such as HR and IT. Without effective internal email safeguards in place, these studies suggest that organizations run a greater risk of incurring costly penalties in violation of FERC.

"Meeting compliance mandates, such as FERC, head-on is critical to the trustworthiness and ultimately the success of companies in highly regulated industries," said Brian Babineau, Senior Analyst with Enterprise Strategy Group (ESG). "With Order 717 adding responsibility onto already overburdened senior management, organizations must find ways to automate policy enforcement and report on the effectiveness of controls. MessageGate provides an active form of secondary insurance against a potential FERC violation or corporate data breach by enforcing corporate communication policies consistently, which allows energy and gas providers to focus on their core business and customers."

According to the results collected in recent MAP audits, organizations are still lacking the necessary policy controls, training and education required to maintain a "culture of compliance" and are at risk of violating FERC Order 717. The following tactics can help organizations comply with the recent FERC update Order 717 and avoid costly missteps:

• Maintain equal market opportunities for all resellers:While ethical walls only control communications between marketing function employees and marketing affiliates, FERC requires that shared employees must also observe ethical walls to preserve ongoing communications. Manage intentional and unintentional employee misuse by allowing only compliant messages that adhere to FERC's "no conduit" rule, by monitoring and immediately acting upon inbound and outbound content, as well as messages sent within an organization, including attachments, all in real-time.
• Foster a culture of compliance and execution: The responsibility of maintaining a culture of compliance falls increasingly on the heads of senior management at regulated entities. Initiating a proactive email security and archiving solution that implements technology and written policies for compliance protects employees at all levels. The automatic identification and prevention of policy violations can also enable management to educate employees and help change their individual behavior, reinforce proper practices and instill a culture of compliance.
• Create and manage flexible email user groups to prevent unintentional email misuse: Under Order 717, gas and electric companies must control communication between transmission function employees and energy and market affiliates. Insufficient email controls and casual email misuse at the employee level can lead to potential data leaks and leave the door open to e-discovery problems. Consider a flexible policy engine that can be used to proactively create and apply email controls and policies specific to FERC and maintain separation required between user groups.
• Measure compliance in real time: Energy and gas companies that lack a clear understanding of what is happening within their email systems at any point in time decrease their ability to prevent violations and become at risk of violating FERC. Through a proactive email security and archive management solution, organizations can stop the risk of incident within email traffic in real-time and provide IT with the ability to review and monitor emails within the live email stream through a network implementation.
• Provide real-time blocking and re-routing of outbound emails: For utilities companies to meet FERC requirements, a proactive email risk management approach is required in order to block and prevent restricted information contained within email from ever reaching restricted individuals based on group designations, or the parameters of content in the message or attachment. Providing real-time blocking and re-routing of outbound email can make the difference between being in compliance and costly legal fines.

"As regulation in the energy and gas industry continues to tighten, organizations of all sizes are pressed to take a proactive approach to email risk management, implementing email controls and policy enforcement that can be enforced in real-time," said Norbert Orth, president and CEO for MessageGate. "With a history of helping companies navigate through increasingly complex regulations, such as FERC, MessageGate provides the critical foundation required for any organization's proactive approach to building a culture of compliance."

MessageGate facilitates enterprise email risk management through email controls and risk management software that incorporate active security and archive policies. The company promotes proper email use through activity profiles, archive categorization and policy enforcement.

About MessageGate
With a simple and practical approach, MessageGate provides software and services for enterprise email controls to leading companies worldwide. From product to architecture, MessageGate makes a company's experience with email management both simple and secure. Helping companies cope with threats, improve archival and retrieval activities, and ensure proper usage across a variety of industries, MessageGate's offerings include MessageGate Activity Profile (MAP), MessageGate Policy Enforcement, and MessageGate Archive Categorization. For more information, visit www.messagegate.com.

SOURCE: MessageGate, Inc.