Exit Strategy for Stopping the Use of Zivver

Introduction

This document describes the recommended exit strategy when an organization decides to stop using Zivver as their preferred secure email solution.

This strategy covers the following topics:

1. Suspension and deletion of your Zivver organization.
2. Review of Communication.
3. Export user data.
4. Export audit logs.
5. Remove Zivver Clients.
6. Remove Zivver SyncTool.
7. Remove SMTP connections.
8. Remove Zivver related DNS records.
9. Remove SSO Connection.
10. Review of network changes.
11. Additional Zivver organizations.

1. Suspension and Deletion of Your Zivver Organization

The first steps of the exit strategy is deciding on when the Zivver organization can be suspended and deleted. Suspending the Zivver organization allows you to perform all the steps from this exit strategy, such as exporting all sent and received Zivver messages.

When a Zivver organization is suspended, members of that Zivver organization can no longer log in to Zivver. This includes Zivver admins and is independent of if a Single Sign-On (SSO) connection is set up or not. Senders that sent a secure message to members of a suspended Zivver organization will receive a notification within the Zivver conversation, that the recipient is suspended and thus can no longer read the conversation.

It is important to keep the period as short as possible between suspending your Zivver organization and deleting it. As during the suspension period your organization temporarily can’t receive Zivver message. Once the Zivver organization is deleted your organization can receive Zivver messages as being a guest recipient, that is no longer using Zivver with a license.

2. Review of Communication

Review any internal and external communication about secure emailing with Zivver. Inform employees, suppliers, partners, citizens, clients, patients etc. about the fact that your organization will no longer be using Zivver to securely communicate sensitive information. If possible make sure to communicate and end date from which on Zivver will no longer be used.

Check the website, intranet, e-mail signatures, etc. for any relevant information and/or documentation that mentions the use of Zivver by your organization.

3. Export User Data

Create an export of every Zivver message that your organization sent out or received. This can be done via an FTP export (File Transfer Protocol) with an FTP Client (such as FileZilla).

The FTP export allows you to export Zivver messages unencrypted in EML format (Electronic Mail), which can be opened in an email clients (such as Microsoft Outlook).

Follow the link for more information on creating an FTP export for your organization: Export user data via FTP

4. Export Audit Logs

Export the monthly audit logs from the archive. These exports are in CSV format. Every log file will contain information about which changes are made to your Zivver organization by a given Zivver admin on a specific moment in time.

Follow the link for more information on how to export the monthly audit logs from the archive: View events in the WebApp

5. Remove Zivver Clients

Remove any of the following Zivver Clients that employees currently use to securely communicate with Zivver:

• Zivver for Outlook Windows / Zivver Office Plugin.
• Zivver for Outlook Online / Zivver OWA add-in.
• Zivver for Gmail / Zivver Chrome Extension.
• Zivver for Android or iOS / Zivver Mobile App.

Zivver for Outlook Windows / Zivver Office Plugin

Remove the Zivver Office Plugin that employees use to securely communicate from within Microsoft Outlook desktop. If applicable, use the installation script that your organization uses to install the Zivver Office Plugin to deinstall it. Do not forget to remove any registry keys that are set when installing the Zivver Office Plugin.

Follow the link for more information on how to deinstall the Zivver Office Plugin and which registry keys might be removed: Zivver Office Plugin - Installation Manual

Zivver for Outlook Online / Zivver OWA add-in

Remove the Zivver OWA add-in that employees use to securely communicate from within Microsoft Online in a browser. Do note that it can take up to 72 hours for an add-in to be fully removed from Exchange Online.

Remove any Mail Flow Rule set up for Zivver and also the Trusted Websites settings in Internet Explorer.

Follow the link for more information on how to deinstall the Zivver OWA add-in from Exchange Online, including the additional settings: Installation manual Zivver OWA add-in

Zivver for Gmail / Zivver Chrome Extension

Remove the Zivver Chrome Extension that employees use to securely communicate from within Google Gmail. Delete the Service Account that was created during installation.

Follow the link for more information on how to deinstall the Zivver Chrome Extension and the corresponding Service Account: Install and configure the Zivver Chrome Extension

Zivver for Android or iOS / Mobile App

Remove the Zivver Mobile App on Android or iOS that employees use to securely communicate from their devices.

Follow the link for more information on how to remove the Mobile App when Microsoft Intune is used during the installation: Zivver Mobile App Installation Manual for Intune

6. Remove Zivver SyncTool

Remove the Zivver SyncTool if the organization has automated account provisioning by using the SyncTool to create, update and/or deleted Zivver accounts. Look up the installation directory of the SyncTool on the server that is used to host the SyncTool.

We recommend to keep the XML files that represent the synchronization profiles, and the stored synchronization log files. Both type of files are often stored in the installation directory of the SyncTool. All the other files related to the SyncTool can be removed.

Remove any related scheduled task in Windows Task Scheduler that is used to automatically run a sunchronization. Also delete the related Service Account if this is used to run the task.

Follow the link for more information on how to remove the Zivver SyncTool: Zivver SyncTool v2

7. Remove SMTP Connections

Remove SMTP connections that are set up with the Zivver SMTP Server. These connections can be set up in a mailserver (such as Microsoft Exchange), a Secure Email Gateway (such as Mimecast or Ironport) and/or an application (such as Salesforce).

Zivver offers different types of solutions that make use of a SMTP connection. Please check the ones that your organization is using:

• Zivver Mail Submission
• Zivver Plugin Assisted Mail Submission (PAMS)
• Zivver OWA Assisted Mail Submission (OWA-AMS)
• Zivver Encryption Gateway
• Zivver DLP Gateway

Zivver Mail Submission

Remove any connection set up with the Zivver SMTP connection from applications such as a CRM, DMS or an EHR. Mail Submission allows you to securely send messages from these applications. Check the available documentation from the application or ask the vendor of the application for more information on how to change and/or remove the SMTP connection.

Follow the link for more information on how to remove the SMTP connection with the Zivver SMTP server: Mail Submission

Zivver Plugin Assisted Mail Submission (PAMS)

Remove the PAMS set up in your mailserver or Secure Email Gateway (SEG) that is used to relay securely sent messages from Outlook desktop to the Zivver SMTP Server. PAMS enables third-party plugins for Outlook desktop to interact with the securely sent message. With PAMS it is also possible for server-side signature solutions to add a signature to the securely sent message from Outlook destop.

Follow the link for more information on how to remove the PAMS set up: Zivver Plugin Assisted Mail Submission (PAMS)

Zivver OWA Assisted Mail Submission (OWA-AMS)

Remove the OWA-AMS set up in your mailserver or Secure Email Gateway (SEG) that is used to relay securely sent messages from Outlook Online to the Zivver SMTP Server. OWA-AMS allows server-side signature solutions to add a signature to the securely sent message from Outlook Online.

Follow the link for more information on how to remove the OWA-AMS set up: Installation manual Zivver OWA add-in

Zivver Encryption Gateway

Remove the connection set up with the Zivver SMTP server from your mailserver or Secure Email Gateway (SEG) that is set up for Encryption Gateway. The Encryption Gateway allows you to relay specific messages that needs to be sent securely. This could be for instance done based on a specific Microsoft Purview label.

Follow the link for more information on how to remove the Encryption Gateway set up: Secure Relay

Zivver DLP Gateway

Remove connection set up with the Zivver SMTP server from your mailserver or Secure Email Gateway (SEG) that is set up for Zivver’s Data Loss Prevention (DLP) Gateway. DLP Gateway allows you to automatically, securely sent messages from any device or application without the need to use a Zivver Client.

Follow the link for more information on how to remove the DLP Gateway set up: Set up Smart Relay for Exchange Online

8. Remove Zivver Related Records from DNS

Remove the records in your DNS that are related to Zivver. Repeat these steps for every domain for which Zivver is implemented. Zivver offers the following two solutions for which Zivver related records need to be added to your DNS:

• Send on behalf of
• NTA 7516

Send on behalf of

For every domain for which Zivver is implemented remove the following types of records that are related to Zivver:

• SPF record
  • Your organization might no have included the Zivver SPF record as this is optional.
• DKIM record
• CNAME record

Follow the link for more information on how to remove the Zivver related DNS records: Zivver WebApp administrator manual

NTA 7516

For every domain for which Zivver is implemented and that is used to sent and receive messages in accordance to the Dutch NTA7516, remove the NTA7516 TXT record from the DNS.

Follow the link for more information on how to remove the NTA7516 TXT record from the DNS: NTA 7516 Compliance Handleiding

9. Remove SSO Connection

Remove the Single Sign-On (SSO) connection with Zivver from within your Identity Provider (IdP). Once the SSO connection is removed, employees can no longer sign in to Zivver using their work credentials.

Follow the link for more information on how to remove the SSO connection from your IdP: Single Sign-on Setup

10. Remove Zivver Related Changes to Your Network

Remove any change that is made to your network to make Zivver work. This can be a change to your proxy, firewall or Secure Email Gateway (SEG). Think about changes made to allow a Zivver Client to connect to the Zivver server. Or changes made to allow (internally) sent Zivver messages to be received.

Follow the link for more information on which changes need to be removed, which allowed the Zivver Office Plugin to connect to the Zivver server: Solve connection issues

11. Additional Zivver Organizations

If your organization used additional Zivver organizations for development or testing, repeat the above steps for these organizations.