IT executives need to adopt rigorous processes for complying with corporate and regulatory policies to make sure they meet requirements and avoid punitive actions, according to a keynote address today at Interop.

For instance, e-mail needs to be archived in accordance with internal rules as well as demands of legal mandates for storing business records, says Mark Bregman, CTO of Symantec. "You have to keep information as long as required for internal or external policies," he says.

These policies may differ, creating complex problems for managing the data, he says. "70% of businesses in the U.S. have multiple requirements for mandates that overlap," he says.

Such policies and regulations may exist for e-mail, data centers, storage, backup and other areas of corporate networks, Bregman says. The chore of managing all these factors can overwhelm IT staff, forcing them to spend more money on operations than on critical infrastructure investment, he says.

In addition, regulatory constraints may be written in legalese that doesn't translate well into practical deployment policies that can be implemented by IT departments, he says.

To deal with these complexities, businesses should first assess the risk involved with not protecting assets and write clear policies for protecting those deemed essential. Then they need to work out an implementation plan and figure out how to manage these assets and the protections they put in place, he says.