Omniva Inc.s Omniva Policy Manager 5.1 is an easy-to-manage tool set that can help companies running Microsoft Corp.s Exchange meet regulatory requirements and secure e-mail through policies. Policy Manager 5.1, which began shipping last month, can restrict and encrypt e-mail traffic based on a customizable rule set to help companies conform to Health Insurance Portability and Accountability Act and Sarbanes-Oxley Act requirements. Although Policy Manager is expensive25 client access licenses and one year of support costs $36,000it does a very good job of securing e-mail communications. In eWEEK Labs tests, we liked the flexibility we found when creating and managing rules. Omniva Policy Manager 5.1s Outlook client and its ability to encrypt external communications make this a compelling solution.The products core component is Policy Server, which provides the engine for managing policies and encrypting messages. In testing, we configured Policy Manager to restrict messages and configure message retention policy on a wide range of criteria, such as keywords and internal or external senders and recipients. We could also restrict privileges for printing and copying messages.Policy Server is also the engine that external recipients of encrypted messages use to view the message. When a message arrives in an external recipients in-box, he or she registers with Policy Server and views the message via a range of supported Web browsers. This will make Omniva particularly appealing for applications that must make sure data remains confidential, but there is no guarantee that recipients have access to state-of-the-art technology. We managed the system using the Omniva Policy Administrator Microsoft Management Console snap-in. The administrative console provides easy access to the key elements of managing the system. For example, the Rules Policy Wizard provides a very flexible way to manage rules and even create custom patterns searchable from within the message. Still, the ability to pull keywords from a stored dictionary list would be a nice addition. A few more preconfigured options, such as the ability to block messages based on attachment type, would be welcome as well. On the client side, a plug-in for Omniva supports Microsofts Outlook 97, 2000, XP and 2003. The plug-in enables users to set a messages expiration date and confidentiality options. We could manage many of these settings, as well as the users access to plug-in components, from Policy Administrator. We particularly liked that we could limit user access to the plug-in features. This gives companies an opportunity to phase in a rollout with training. Another nice touch is the ability to extend confidentiality to delegates created in Outlook. However, companies that use Outlook Web Access will need to consider using centrally managed policies to keep users from inadvertently sending messages without selecting security options. Managing message expiration was a straightforward process in tests. Policy Administrator can disable scheduled key deletion, so messages that would ordinarily expire wont in the event that a company needs to retain those messages. Archived messages can also be stored in clear text. The reporting features are a mixed bag. Policy Administrator has a good tool for examining policy history, client installation and key activity, but message statistics are basic, with minimal detail. Policy Administrator also lacks the message data. Technical Analyst Michael Caton can be reached at email@example.com.