The Impact of Compliance and Risk Management on Archival Storage Strategies

Electronic net media such as e-mail and instant messages have changed business to business transactions. The bulk of important business transactions such as contract negotiations, order issuance and acceptance, corporate communications and marketing programs, supply chain management, service and support, and investor relations are now done primarily using the Internet and these electronic media.

The legislative and regulatory burden on public companies, other businesses, and all industries have increased via the complex plethora of local, national, and international government and industry regulations. Detailed regulations seek to control financial records, legal and safety information, e-mail, instant messages, and access to personal and public records. The types of regulation data include record types to be retained (or data classes) and the retention period for each data class; best practice and storage technology for legal validity; and most important final destruction of expired records (or disposition).

Larger businesses have responded to the complexity of regulations by creating roles of Compliance Officer or Risk Management Specialist. They assess the burden of external regulation, defining their organizational internal risk management priorities and guidelines. Internal policies on archival storage are often exceeded while destruction of records is allowed to reduce corporate exposure.

This is also an opportunity for value-added channel partners to help these organizations. This is also an opportunity for the IT teams and departments to participate and share the challenges and business priorities of regulatory and risk management. Information Lifecycle Management (ILM) and flexible storage technologies including disk, optical and tape media are successful combinations.

Record authenticity requires the creation of multiple storage tiers (or classes) in order to meet cost efficiency and conform to availability and retention requirements. The multiple tiers allow data to be migrated to lower cost storage media and allow for reconfiguration and multi-site business continuity.

Tape-based storage is being supplanted by more disk-based storage systems for backup, archive, continuous data protection, and disaster management. Centralized storage provides benefits to administrators, users, and companies as well as the use of single networked tiered storage solutions.

Tape manufacturers have developed tape-based Write Once Read Many (WORM) technologies in response. These products including Advance Intelligent Tape (AIT), Linear Tape-Open (LTO), and Digital Linear Tape (DLT) use firmware and physical tabs to ensure data is not over written. Ultra Density Optical (UDO) is a disk technology that does not depend on firmware or physical tabs to ensure files can be written and not be erased or modified. UDO is considered “True” Write Once technology that provides unquestioned physical authenticity.

Record disposition is another major consideration. Destruction (or disposition) of data is at the heart of regulatory risk management. Detailed disposition is often specified. Deleting pointers to files or deleting keys to encrypted files is often not sufficient. Any files, encrypted or not, must be deleted on the storage media. Targeting sectors with a patterned sequence on magnetic disk media between 3 and 35 times ensures complete deletion of the content. This is called data shredding and set out in the Department of Defense specification DoD 5220.22-M.

Magnetic tape media is another story completely. Its sequential data format makes the deletion of discrete records or files impossible as deletion requires the physical rewriting of the media. CD and DVD optical formats used in consumer products suffer from the same limitation.

UDO media again offers a complete alternative to magnetic tape media and CD and DVD formats. Compliant Write Once UDO allows targeted files to be deleted with a single “shred” pass. Record level retention management is assured with full verification and no residual traces of the deleted files being left on the media.

Attributes other than record authenticity and disposition are also important. Access performance, capacity, media longevity, and total cost of ownership are also important factors. Networked compliant write once UDO media rates affirmative marks and low cost of ownership against the other media discussed here.

Read the entire white paper, The Impact of Compliance and Risk Management on Archival Storage Strategies, at http://www.bitpipe.com/detail/RES/1134587675_228.html

You may like these other stories...

Steve Jobs. Sergey Brin. Mark Zuckerberg. Each of these individuals, and their companies, are celebrated as changing the face of the technology. They all followed a similar path to success: excelling at one thing and...
Read more articles by Sally Glick here.While reading a recent article titled, "Bondage to Busyness," by Alan Morinis, I was struck by his reminder regarding how stressed and pressured we all are today. Our...
To assist firm leaders in making key decisions for the future, BKR International, one of the top 10 global accounting associations. recently put together a list of the five priorities managing partners must address...

Already a member? log in here.

Upcoming CPE Webinars

Sep 18
In this course, Amber Setter will shine the light on different types of leadership behavior- an integral part of everyone's career.
Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.