TANDBERG Compliance Appliance Deployment Manual - page 9
3 Defining the compliance policy
5
3 Defining the compliance policy
3.1 What is a compliance policy?
To deploy the TCA in an organization you first need to understand its compliance team’s policy. This is
just a set of rules that define which conferences the team wants to record, how long they want to keep
the recordings and in what resolution. For example, an organization might need to record all video
conferences between the endpoints only in its boardrooms and store them for seven years in high-
definition, or keep the video for six months but the audio for seven years.
Understanding the compliance policy will enable you to work out how many TCAs are needed to
record the video conferences and how much storage the organization needs to keep the recordings.
Once you know the organization’s requirements you can consider any geographical or system aspects
that may affect how you implement the TCAs.
Depending on the requirements and the existing network configuration, you may be able to slot a TCA
in quite simply. On the other hand, you may need to deploy numerous TCAs and make significant
changes to the network, to endpoint addresses and various other aspects. Each customer will have
different requirements that you need to cater to, so this section explains how to work this out.
At the back of this guide there is a
Sample TCA calculator
spreadsheet that you can use to help you gather
the details you need and form an estimate. You can download this spreadsheet from ???URL???. We also
include a
Configuration Checklist
so that you can record the significant details of each site.
3.2 What to ask the Compliance & Risk team
In this step you need to talk to your customer’s Compliance & Risk team and help them to define their
policy. Aspects to define include:
which calls they want to record
whether or not they have to tell people that they are being recorded and does this vary by location
where they want to store the calls and in what format
whether they want to record just internal or external calls, or both
how long they want to retain the records.
Once you have the scope of the compliance requirement you can talk to the multimedia, telephony,
database and network administration teams to get some idea of what it will cost to do this. At the end of
this process you should be able to give the Compliance & Risk team some options and the likely cost of
each.