Craig we use Openfire [http://www.igniterealtime.org/projects/openfire/index.jsp] for our chat server and Exodus [ http://www.avvanta.com/ExodusSetup] for our internal instant messaging client, there is a add-on to the server that captures the chats and will store them if you need to archive them for compliancy or discovery purposes. We don't allow chat clients with outside capability, the same with the use of personal webmail inside the office to mitigate data leakage & liability issues not to mention limiting exposure to malware / viruses from that attack vector. Aaron Meyers Systems Administrator / Security Officer Oregon Student Assistance Commission P: 541-687-7433 www.osac.state.or.us From: oagitm-bounce@xxxxxxxxxxxxx [mailto:oagitm-bounce@xxxxxxxxxxxxx] On Behalf Of Craig Cole Sent: Tuesday, January 12, 2010 3:22 PM To: oagitm@xxxxxxxxxxxxx Subject: [oagitm] Instant Messaging Deployment Question regarding the use of Instant Messaging applications like Microsoft Live Communicator. Do you allow IM within your organization (internal) and if so, how are you addressing any "public record" issues? For example, do you capture IM traffic and back it up? Or is it treated more like a phone conversation? Thanks in advance. Craig _______________ Craig Cole IT Division Manager City of Salem 295 Church Street SE, Suite 210 ccole@xxxxxxxxxxxxxxx 503-588-6342