×
[WEBINAR] Mattermost Copilot Demo: AI-Enhanced Collaboration
  • Platform

    Platform

    • Overview
    • Channels
    • Playbooks
    • Integrations
    • Mobile
    • Security
    • Trust Center

    Interoperability

    • MS Teams
    • Atlassian
    • GitLab

    Flexible Deployment

    • On-Premise
    • Cloud
  • Solutions

    Use Cases

    • Purpose-Built Collaboration Hub
    • Self-Sovereign Collaboration
    • Mission-Critical ChatOps
    • Real-Time DevSecOps Collaboration
    • Integrated Security Operations
    • Out-of-Band Incident Response

    Industries

    • Critical Infrastructure
    • Defense
    • Technology
    • Global Public Sector
    • Financial Services
    • Energy and Utilities
    • Manufacturing
  • Customers

    Customers

    • USAF
    • Fujitsu
    • RTE
    • CERN
    • NRI
    • Pramacom
    • Crossover Health
    • Netfoundry
    See more customer stories »
  • Pricing
  • Partners

    Partners

    • Become a Partner
    • Partner Program
    • Deal Registration
  • Resources

    Resources

    • Resource Library
    • Blog
    • Demos
    • Events

    Documentation

    • Academy
    • Channels Guide
    • Playbooks Guide
    • Admin
    • Docs
    • API Reference
    • Release Notes

    Community

    • Join Community
    • Contribute
    • Deploy
    • Integrate
    • Download
  • Login

    Login

    • My Workspace
    • Admin Portal
    • Apps
    • Support
  • Contact Sales
Contents Menu Expand Light mode Dark mode Auto light/dark mode
Mattermost documentation
Mattermost documentation
  • About Mattermost
    • Mattermost overview
    • Use cases
      • Mattermost for Microsoft Teams
      • Secure command and control
      • DevOps collaboration
      • Incident response collaboration
    • Security overview
    • Integrations overview
    • Subscription overview
    • Self-hosted subscriptions
    • Cloud subscriptions
    • Editions and offerings
    • Releases and life cycle
      • Release policy
      • Server
        • Server releases
        • v10 changelog
        • v9 changelog
        • Unsupported legacy releases
        • Version archive
      • Desktop
        • Desktop releases
        • Desktop app changelog
      • Mobile
        • Mobile releases
        • Mobile apps changelog
      • Removed and deprecated features
    • Corporate directory integration
    • Certifications and compliance overview
    • Frequently asked questions (FAQ)
      • General Mattermost questions
      • Community questions
      • Notifications questions
      • Video, audio, and screen sharing questions
      • Enterprise questions
      • License questions
      • Integration questions
      • Use cases
      • Product questions
      • High trust questions
      • Design decision questions
      • Business questions
      • Illicit use questions
  • Deploy Mattermost
    • Migrate from MySQL to PostgreSQL
      • Automate PostgreSQL migration
      • Manually migrate to PostgreSQL
    • Prepare your Mattermost database
    • Deploy on Ubuntu
    • Deploy using Docker
    • Deploy with a tarball
    • Deploy using Omnibus
    • Deploy using Kubernetes
    • Deploy on Red Hat
    • Set up an NGINX proxy
    • Set up TLS
    • Prepare for your Mattermost deployment
      • Software and hardware requirements
      • Manage the Mattermost Kubernetes Operator
      • Administrator tasks
      • Architecture overview
      • Plan your Mattermost implementation
      • Enterprise roll out checklist
      • Welcome email template
    • Deployment guides
      • Server deployment
        • Deployment overview
        • Set up a socket-based Mattermost database
        • Image proxy
        • Backup and disaster recovery
        • Encryption options
        • Configure transport encryption
          • Configuring proxy to Mattermost transport encryption
          • Configuring database transport encryption
          • Configuring cluster transport encryption
        • Bleve search
        • Trial Mattermost using Docker
      • Desktop and mobile app deployment
        • Desktop app deployment guide
        • Desktop MSI installer and group policy installation guides (Beta)
        • Desktop App custom dictionaries
        • Desktop managed resources
        • Using Mattermost’s pre-built mobile apps
        • Testing push notifications
        • Deploy Mattermost mobile apps
        • Mobile push notifications
        • Building and distributing your own custom Mattermost mobile apps
        • Deploying mobile apps using an EMM provider
        • AppConfig for EMM solutions with Mattermost Mobile Apps
        • Mobile VPN options
        • Mobile apps FAQ
        • Client-side data storage FAQ
    • Upgrade Mattermost
      • Important upgrade notes
      • Prepare to upgrade Mattermost
      • Upgrade Mattermost Server
      • Enterprise install and upgrade
      • Install a license key
      • Downgrade Mattermost Server
    • Scale Mattermost
      • Scale for Enterprise
      • Scale up to 100 users
      • Scale up to 1000 users
      • Scale up to 15000 users
      • Scale up to 25000 users
      • Scale up to 50000 users
      • Scale up to 70000 users
      • Scale up to 79000 users
      • Scale up to 88000 users
      • High availability cluster
      • Elasticsearch
      • Collect performance metrics
      • Deploy Prometheus and Grafana for performance monitoring
      • Performance monitoring metrics
      • Mattermost performance alerting guide
    • Deployment troubleshooting
      • General troubleshooting
      • Troubleshooting your high scale deployment
      • Troubleshooting mobile applications
      • PostgreSQL installation troubleshooting
      • MySQL installation troubleshooting
    • Additional server installation guides
      • Deploy Mattermost on Bitnami
      • AWS Elastic Beanstalk Docker setup
      • Install Mattermost Team Edition in GitLab Helm Chart
      • Open source components
  • Manage Mattermost
    • Get started
      • Mattermost feature labels
      • Optimize your workspace
      • Mattermost configuration settings
      • Self-hosted edition and license
      • Cloud subscription, billing, and account
      • Reporting configuration settings
      • User management configuration settings
      • Environment configuration settings
      • Site configuration settings
      • Authentication configuration settings
      • Plugins configuration settings
      • Enable Copilot
      • Manage user surveys
      • Integrations configuration settings
      • Compliance configuration settings
      • Experimental configuration settings
      • Deprecated configuration settings
      • Environment variables
      • Provisioning workflows
      • Multi-factor authentication
      • Active Directory/LDAP
      • GitLab SSO
      • OpenID SSO
      • Google SSO
      • Office 365 SSO
      • Advanced permissions
      • System admin roles
      • Manage team and channel members
      • Custom branding tools
      • Export channel data
      • eDiscovery
      • Compliance monitoring
      • Compliance export
      • Legal hold
      • Data retention tools
      • Custom terms of service
      • Notify Admin
      • AD/LDAP groups
      • Use AD/LDAP synchronized groups to manage team or private channel membership
      • Guest accounts
      • SAML Single Sign-On
        • Okta SAML Configuration
        • Generate self-signed certificates
        • OneLogin SAML Configuration
        • Microsoft ADFS SAML Configuration for Windows Server 2012
        • Microsoft ADFS SAML Configuration for Windows Server 2016
        • Keycloak SAML Configuration
      • SAML Single-Sign-On: technical documentation
      • Shared channels
      • Statistics
      • In-product notices
      • User satisfaction surveys
      • Health check
      • Announcement banner
      • Bulk export tool
    • Cloud workspace management
      • Workspace usage
      • Workspace migration
      • Cloud data residency
      • Cloud IP Filtering
      • Cloud Bring Your Own Key (BYOK)
    • Self-hosted administration
      • Mattermost self-hosted billing
      • Mattermost error codes
      • Store configuration in your database
      • Bulk loading data
      • SMTP email setup
      • Email templates
      • Calls deployment
      • Configure CloudFront to host static assets
      • Use an outbound proxy
      • Migration guide
      • Migrate from Slack
      • Chinese, Japanese, and Korean search
      • Customize Mattermost
      • Mattermost logging
      • JSON audit log schema
      • SSL client certificate setup
      • Certificate-based authentication
      • Manage telemetry
    • Other resources
      • Convert OAuth 2.0 providers to OpenID Connect
      • Generate a support packet
      • mmctl command line tool
      • Migration announcement email template
      • Advanced permissions infrastructure
      • Command line tools
  • Use Mattermost
    • Connect and collaborate
      • Access your Mattermost workspace
        • Install the desktop app
        • Install the iOS mobile app
        • Install the Android mobile app
        • Log out of Mattermost
      • Organize using teams
        • Team settings
        • Team keyboard shortcuts
      • Organize using custom user groups
      • Invite people
      • Learn about Mattermost roles
      • Collaborate within channels
        • Channel types
        • Channel naming conventions
        • Communicate a channel's focus and scope
        • Create channels
        • Rename channels
        • Convert public channels to private channels
        • Convert group messages to private channels
        • Join and leave channels
        • Make calls in Mattermost
        • Manage channel members
        • Browse channels
        • Navigate between channels
        • Mark channels as favorites
        • Mark channels as unread
        • Archive and unarchive channels
      • Collaborate within Microsoft Teams
      • Chat with Copilot
      • Communicate with messages and threads
        • Send messages
        • Reply to messages
        • React with emojis and GIFs
        • Organize conversations
        • Mark messages as unread
        • Forward messages
        • Share links to channels and messages
        • Save and pin messages
        • Set message reminders
        • Search for messages
        • Format messages
        • Set message priority
        • Mention people
        • Share files in messages
      • Keyboard shortcuts
        • Keyboard accessibility
        • Run slash commands
        • Built-in-slash-commands
      • Extend Mattermost with integrations
    • Build repeatable processes
      • Learn about playbooks
      • Work with playbooks
      • Work with runs
      • Work with tasks
      • Work with notifications and updates
      • Work with metrics and goals
      • Share and collaborate
      • Interact with playbooks
    • Customize your preferences
      • Manage your notifications
      • Customize your Mattermost theme
      • Customize your channel sidebar
      • Manage your profile
      • Manage your security preferences
      • Set your status & availability
      • Manage your display options
      • Manage your sidebar options
      • Manage advanced options
      • Customize your desktop app experience
      • Connect to multiple workspaces
  • Integrate and extend
    • GitHub interoperability
    • GitLab interoperability
    • Jira interoperability
    • Microsoft Teams interoperability
    • ServiceNow interoperability
    • Zoom interoperability
  • Develop with Mattermost
  • Get help with Mattermost
  • Join our community
  • Learn how we work
  • Contribute to this documentation
Back to top
Edit this page

Legal hold#

plans-img Available on Enterprise plans

deployment-img self-hosted deployments

A legal hold, also known as a litigation hold, is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. It’s a requirement established by the Federal Rules of Civil Procedure (FRCP) in the United States and similar laws in other jurisdictions.

Primary use cases include:

  1. Litigation: In anticipation or in the event of a lawsuit, organizations need to preserve all relevant documents and electronic data to ensure they can adequately defend their position. A failure to do so could result in court penalties.

  2. Regulatory investigation: If an organization is being investigated by a regulatory body, it may be required to preserve and produce certain documents or data.

  3. Audits: During an audit, whether internal or external, an organization might need to put a hold on certain data that is relevant to the audit.

  4. Records management: In some cases, organizations might use a legal hold to temporarily suspend the deletion of data that would otherwise be purged as part of its records management policy.

Mattermost is used as a secure collaboration hub by technical and operational teams, with critical documents and data shared on a daily basis. Thus, legal hold is a key requirement for Enterprises and public sector organizations who have deployed Mattermost for their teams, to meet compliance & auditory requirements while minimizing risk.

Legal hold demo (Sneak Peek)#

Check out this YouTube sneak peek demo to learn about Mattermost’s legal hold workflow.

Below are step-by-step instructions on how to carry out a legal hold for Mattermost with XML-formatted data, Amazon S3 file storage, and archiving and compliance tools, such as Smarsh.

How to carry out a legal hold#

Step 1: Upgrade to Mattermost Enterprise#

Legal hold is available in Mattermost Enterprise. Learn more about the Enterprise plan & request a quote online at https://mattermost.com/pricing/

Step 2: Establish a legal hold policy#

Establish a policy for when to implement a legal hold. This should be developed in consultation with your legal counsel and should include procedures for identifying relevant custodians (those who have potentially relevant information).

Establishing a legal hold policy first enables you to configure the Mattermost system correctly to meet your compliance & auditory requirements, minimizing associated risk.

Step 3: Enable legal hold in Mattermost#

1 - Configure your file storage as Amazon S3#

  1. In Mattermost, go to System Console > Environment > File Storage.

  2. Set the File Storage System to Amazon S3.

  3. Connect the Amazon S3 storage with Mattermost by specifying the S3 bucket name, prefix, AWS region, and hostname. You may optionally specify the access keys if using IAM roles, and you can optionally specify a separate S3 Bucket than the one configured for your Mattermost server.

  4. Learn more about file storage configuration options in our product documentation.

Note

  • For legal hold, only Amazon S3 is supported at this time, for increased reliability, compliance and automation capabilities.

  • Support for additional file storage options such as MinIO or local file storage are under consideration.

  • You may also optionally use our API to preserve data for legal hold. See our electronic discovery product documentation to learn more.

2 - Enable compliance exports#

Enable compliance exports containing all messages and file uploads in an XML format to your AWS S3 file storage.

The exports include information on channel member history at the time the message was posted, which is critical information for some legal hold use cases. Entries for deleted messages and files are also included.

  1. In Mattermost, go to System Console > Compliance > Compliance Export.

  2. Set Enable Compliance Exports to true.

  3. Set the Compliance Export time. Choose a time when fewer people are using your system, such as 2:00AM your local time.

  4. Set the export file format to Actiance XML.

  5. Learn more about compliance export configuration options in our product documentation.

Note

  • For legal hold, only XML format is supported at this time.

  • Support for additional file formats, such as CSV or EML, are under consideration.

3 - Leverage compliance API in your DLP tool of choice#

Connect it directly to the Amazon S3 bucket where compliance exports are stored. Our recommended DLP tool of choice is Smarsh. Learn more about their legal hold & e-discovery processes in their documentation.

You may optionally also use other tools that connect with Amazon S3, such as Active360, AwareHQ, Onna, or Trellix, though our team will be able to provide limited support using these tools.

4 - (Optional) Configure a data retention policy#

This is typically implemented alongside legal hold, though is not required.

  1. In Mattermost, go to System Console > Compliance > Data Retention Policies.

  2. Set either a Global retention policy that applies to all messages and files older in your system, or a custom retention policy for specific teams or channels.

  3. Learn more about data retention configuration options in our product documentation.

Step 4: Identify custodians#

Select the individuals or user groups that you want to place on legal hold.

Step 5: Initiate legal hold#

Use the built-in functionality in Smarsh to specify one or more custodians for legal hold, and the number of days the custodian(s) are placed on legal hold.

While the legal hold is in place, you may edit it by adding or removing custodians, as well as access the preserved data.

Step 6: Release legal hold#

Once the legal hold has completed, release it in Smarsh. This action will take custodians off of the legal hold.

Frequently asked questions#

Who can implement legal hold?#

Only Mattermost system administrators can implement a legal hold.

Does a user know if they’re placed under a legal hold in Mattermost?#

No, users will not be notified if they’re placed under a legal hold. This allows for investigations to be conducted without influencing user behavior and without conflicts of interest.

What types of content does legal hold cover?#

The legal hold covers all messages and file uploads shared in conversations where the legal hold is active, including messages posted by plugins, bots or webhooks. This includes messages or files shared in public channels, private channels, direct messages and group messages.

However, legal hold does not apply to reactions, playbooks, or audio calls.

Can users delete their messages while on a legal hold?#

Yes, users can delete messages, but they are retained for the purposes of legal hold when implemented with the aforementioned steps.

Can a legal hold be applied retroactively to collect past data?#

Yes, but this is only guaranteed for existing and future messages/files once legal hold is activated. It won’t recover messages or files that were deleted before the legal hold was activated.

Is legal hold the same as e-discovery?#

No. While they serve a related use case, they are not the same.

Legal hold is an initial step to ensure relevant electronically stored information (ESI) is preserved. On the other hand, e-discovery is a multi-step process that uses this preserved data to identify, collect, preserve, process, review, and produce ESI in the context of a legal or investigative process.

How do I enable e-discovery for Mattermost?#

Learn more about extracting data for e-discovery in our product documentation.

Tell us more!

Your feedback helps us improve the Mattermost product documentation.

How can we make this page more helpful?

0/186

Have a feature request? Share it here.

Having issues? Join our Community server.

×
Thank you!

We appreciate your feedback.

Did you find what you were looking for?

😀

Yes

 😐

Mostly

 🙁

No!
Next
Data retention policy
Previous
Compliance export
Copyright © 2015-2024 Mattermost
Made with Sphinx and @pradyunsg's Furo
On this page
  • Legal hold
    • Legal hold demo (Sneak Peek)
    • How to carry out a legal hold
      • Step 1: Upgrade to Mattermost Enterprise
      • Step 2: Establish a legal hold policy
      • Step 3: Enable legal hold in Mattermost
        • 1 - Configure your file storage as Amazon S3
        • 2 - Enable compliance exports
        • 3 - Leverage compliance API in your DLP tool of choice
        • 4 - (Optional) Configure a data retention policy
      • Step 4: Identify custodians
      • Step 5: Initiate legal hold
      • Step 6: Release legal hold
    • Frequently asked questions
      • Who can implement legal hold?
      • Does a user know if they’re placed under a legal hold in Mattermost?
      • What types of content does legal hold cover?
      • Can users delete their messages while on a legal hold?
      • Can a legal hold be applied retroactively to collect past data?
      • Is legal hold the same as e-discovery?
      • How do I enable e-discovery for Mattermost?