The Impact of Compliance and Risk Management on Archival Storage Strategies
Electronic net media such as e-mail and instant messages have changed business-to-business transactions. The bulk of important business transactions, such as contract negotiations, order issuance and acceptance, corporate communications and marketing programs, supply chain management, service and support, and investor relations, are now done primarily using the Internet and these electronic media.
The legislative and regulatory burden on public companies, other businesses, and all industries has increased through a complex plethora of local, national, and international government and industry regulations. Detailed regulations seek to control financial records, legal and safety information, e-mail, instant messages, and access to personal and public records. These regulations cover the record types to be retained (or data classes) and the retention period for each data class; best practice and storage technology for legal validity; and, most important, the final destruction of expired records (or disposition).
Larger businesses have responded to the complexity of regulations by creating roles of Compliance Officer or Risk Management Specialist. They assess the burden of external regulation and define their organization's internal risk management priorities and guidelines. Internal policies on archival storage are often exceeded while destruction of records is allowed to reduce corporate exposure.
This is also an opportunity for value-added channel partners to help these organizations, and for IT teams and departments to participate in and share the challenges and business priorities of regulatory and risk management. Information Lifecycle Management (ILM) and flexible storage technologies, including disk, optical and tape media, are a successful combination.
Record authenticity requires the creation of multiple storage tiers (or classes) to achieve cost efficiency and conform to availability and retention requirements. The multiple tiers allow data to be migrated to lower cost storage media and allow for reconfiguration and multi-site business continuity.
Tape-based storage is being supplanted by more disk-based storage systems for backup, archive, continuous data protection, and disaster management. Centralized storage benefits administrators, users, and companies, as does the use of single networked tiered storage solutions.
Tape manufacturers have developed tape-based Write Once Read Many (WORM) technologies in response. These products, including Advanced Intelligent Tape (AIT), Linear Tape-Open (LTO), and Digital Linear Tape (DLT), use firmware and physical tabs to ensure data is not overwritten. Ultra Density Optical (UDO) is a disk technology that does not depend on firmware or physical tabs to ensure files can be written and not be erased or modified. UDO is considered “True” Write Once technology that provides unquestioned physical authenticity.
Record disposition is another major consideration. Destruction (or disposition) of data is at the heart of regulatory risk management. Detailed disposition is often specified. Deleting pointers to files or deleting keys to encrypted files is often not sufficient. Any files, encrypted or not, must be deleted on the storage media. Overwriting the targeted sectors on magnetic disk media with a patterned sequence between 3 and 35 times ensures complete deletion of the content. This is called data shredding and is set out in the Department of Defense specification DoD 5220.22-M.
Magnetic tape media is another story completely. Its sequential data format makes the deletion of discrete records or files impossible as deletion requires the physical rewriting of the media. CD and DVD optical formats used in consumer products suffer from the same limitation.
UDO media again offers a complete alternative to magnetic tape media and CD and DVD formats. Compliant Write Once UDO allows targeted files to be deleted with a single “shred” pass. Record level retention management is assured with full verification and no residual traces of the deleted files being left on the media.
Record authenticity and disposition are not the only important attributes. Access performance, capacity, media longevity, and total cost of ownership are also important factors. Networked compliant write once UDO media earns favorable marks and a low cost of ownership against the other media discussed here.
Read the entire white paper, The Impact of Compliance and Risk Management on Archival Storage Strategies, at http://www.bitpipe.com/detail/RES/1134587675_228.html