State of Wisconsin
Division of Enterprise Technology (DET)
Enterprise E-mail Encryption
Service Offering Definition (SOD)
Enterprise E-mail Encryption - 2 - 12/3/2010
Document Revision History (Major Post Publishing Revisions Only)
Date Version Creator Notes
Table of Contents
Introduction
What Is Included
What Is Not Included
Benefits
Service Description
Service Period
Roles and Responsibilities
Performance Metrics (Monitoring/Alerting/Reporting)
Configuration Diagram
How Services Are Charged
Cost-Saving Tips
Introduction
The Division of Enterprise Technology (DET) Enterprise E-mail Encryption Service provides a security appliance platform to encrypt outgoing e-mail. Agencies can use the E-mail Encryption service to protect data that contains personal health information or privacy information and is sent via e-mail outside of the Enterprise E-mail System. Protection of electronic data complies with recommendations made in the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Once set up, the sender can initiate encryption through various means, including installing an e-mail client plug-in that allows them to encrypt a message with the click of a button, or e-mails can be encrypted automatically through administrator-configured rules and policies.
What Is Included
The DET Enterprise E-mail Encryption Service includes:
• The ability to send encrypted e-mail to recipients external to the Enterprise E-mail System (or agency-hosted e-mail system), either by Outlook plug-in or automatically through administrator-configured policies
• Enterprise hosted policies for individual agencies, if so desired
• A single Enterprise library of terms
• Cisco Registered Envelope Services (CRES)
• Frequently Asked Questions (FAQ) document
• Administrator Guide
• Generic User Guide (this can be individualized for specific agency use by the agency)
What Is Not Included
• Delegated administration of agency-specific security policies (creation of rules which trigger automatic encryption); these policies can be requested through the normal service request process
• End user training
• Support of client-side plug-in
Benefits
Enterprise E-mail Encryption will satisfy compliance with regulatory requirements and recommendations such as Payment Card Industry (PCI), HIPAA, and HITECH. Agencies that subscribe to this service will be able to ensure protected data is encrypted from the IronPort appliance to the receiving customer's mailbox. Because the E-mail Encryption is integrated into the Cisco IronPort security appliances, it allows for a simpler e-mail encryption infrastructure and lower capital and operational costs to the subscribing agencies.
Service Description
The Division of Enterprise Technology (DET) Enterprise E-mail Encryption Service provides an opportunity for agencies to employ e-mail encryption to protect all privileged and private data in outgoing e-mail to external customers or business partners.
This service will allow state agencies to comply with electronic data protection recommendations made in the Health Insurance Portability and Accountability Act (HIPAA) and the subsequent Health Information Technology for Economic and Clinical Health Act (HITECH). PCI requirements also include securing the transmission of credit card holder data if it is sent over a public network.
Once e-mail encryption has been configured for the licensed end users, the sender can initiate encryption through various means, including installing an e-mail client plug-in that allows them to encrypt a message with the click of a button, or e-mails can be encrypted automatically through administrator-configured policies.
If agencies choose to allow their licensed end users to encrypt messages on demand through the Outlook plug-in, the agency desktop support staff will be responsible for installing and maintaining the plug-in software.
If agencies choose to require their licensed end users to encrypt via administrator-configured rules and policies, those policies need to be requested through the DET Service Request Process.
Service Period
July 1 through June 30, reviewed and renewed bi-annually.
Roles and Responsibilities
Performance Metrics (Monitoring/Alerting/Reporting)
Reporting Metrics for the Enterprise E-mail Service will be determined at a later date.
Configuration Diagram
How Services Are Charged
E-mail Encryption is charged based on an agreed-upon license count and purchase per customer and is billable once a year, within the first quarter of the fiscal year.
Any additional license purchases requested through the year will be billed immediately based on a prorated published rate to coincide with the fiscal year. The additionally purchased licenses will then be added to the agency count for consecutive year billing. Active customers will be asked for updated license count requirements each maintenance renewal period and will be billed according to that new license count request, agreement and renewal.
Please see the DOA IT Services Rate Sheet for rate information.
Cost-Saving Tips
Confirm that agency subscribers are actually using the E-mail Encryption Service. If not, reduce the agency license count accordingly.