Description #

Information Rights Management (IRM) is a technology that allows the creator of a document or email to control who can access, modify, and share the content. IRM protection can be necessary when the content of the email is sensitive, confidential, or subject to regulatory compliance, and needs to be protected from unauthorized access or sharing. Here are some scenarios when applying IRM protection to an email may be necessary:

• Sharing confidential information. If you are sharing sensitive or confidential information, such as financial data, legal documents, or personal data, you may want to apply IRM protection to the email to ensure that only authorized individuals can access it.

• Collaborating on sensitive projects. If you are working on a project with a team and sharing project-related information via email, you may want to apply IRM protection to the email to prevent unauthorized access or sharing of the information.

• Communicating with external parties. If you are communicating with external parties, such as vendors, customers, or partners, you may want to apply IRM protection to the email to protect any sensitive or confidential information that you may be sharing.

• Compliance with regulations. If your organization is subject to regulatory compliance, such as GDPR, HIPAA, or PCI-DSS, you may need to apply IRM protection to emails containing sensitive or personal data to ensure that you are complying with the regulations.

IT Partner responsibilities #

1. Plan IRM rules and policies together with Client.
2. Deploy IRM rules to apply them manually and automatically and meet business governance and compliance needs each time a user creates a new message.
3. Check that the IRM protection is compatible with the recipients’ email systems and that they have the necessary setup and permissions to view the protected content.

Client responsibilities #

1. Provide access to the tenant.
2. Provide sufficient permissions.
3. Collaborate with IT Partner to define the scope and requirements.

Plan #

1. Create rules that will search messages for specified conditions and apply IRM accordingly.
2. Specify the recipients who will have access to the protected information.
3. Add any additional controls or restrictions, such as allowing printing or blocking copying.
4. Test and verify that the specified sender can send IRM-protected messages.
5. Communicate to the client that the email service description is protected by IRM and that they should only share it with authorized individuals who have been granted access.

Success criteria #

1. IRM protection is successfully applied to emails, and the information is protected from unauthorized access or disclosure.