The Impact of Compliance and Risk Management on Archival Storage Strategies

Electronic net media such as e-mail and instant messages have changed business to business transactions. The bulk of important business transactions such as contract negotiations, order issuance and acceptance, corporate communications and marketing programs, supply chain management, service and support, and investor relations are now done primarily using the Internet and these electronic media.

The legislative and regulatory burden on public companies, other businesses, and all industries have increased via the complex plethora of local, national, and international government and industry regulations. Detailed regulations seek to control financial records, legal and safety information, e-mail, instant messages, and access to personal and public records. The types of regulation data include record types to be retained (or data classes) and the retention period for each data class; best practice and storage technology for legal validity; and most important final destruction of expired records (or disposition).

Larger businesses have responded to the complexity of regulations by creating roles of Compliance Officer or Risk Management Specialist. They assess the burden of external regulation, defining their organizational internal risk management priorities and guidelines. Internal policies on archival storage are often exceeded while destruction of records is allowed to reduce corporate exposure.

This is also an opportunity for value-added channel partners to help these organizations. This is also an opportunity for the IT teams and departments to participate and share the challenges and business priorities of regulatory and risk management. Information Lifecycle Management (ILM) and flexible storage technologies including disk, optical and tape media are successful combinations.

Record authenticity requires the creation of multiple storage tiers (or classes) in order to meet cost efficiency and conform to availability and retention requirements. The multiple tiers allow data to be migrated to lower cost storage media and allow for reconfiguration and multi-site business continuity.

Tape-based storage is being supplanted by more disk-based storage systems for backup, archive, continuous data protection, and disaster management. Centralized storage provides benefits to administrators, users, and companies as well as the use of single networked tiered storage solutions.

Tape manufacturers have developed tape-based Write Once Read Many (WORM) technologies in response. These products including Advance Intelligent Tape (AIT), Linear Tape-Open (LTO), and Digital Linear Tape (DLT) use firmware and physical tabs to ensure data is not over written. Ultra Density Optical (UDO) is a disk technology that does not depend on firmware or physical tabs to ensure files can be written and not be erased or modified. UDO is considered “True” Write Once technology that provides unquestioned physical authenticity.

Record disposition is another major consideration. Destruction (or disposition) of data is at the heart of regulatory risk management. Detailed disposition is often specified. Deleting pointers to files or deleting keys to encrypted files is often not sufficient. Any files, encrypted or not, must be deleted on the storage media. Targeting sectors with a patterned sequence on magnetic disk media between 3 and 35 times ensures complete deletion of the content. This is called data shredding and set out in the Department of Defense specification DoD 5220.22-M.

Magnetic tape media is another story completely. Its sequential data format makes the deletion of discrete records or files impossible as deletion requires the physical rewriting of the media. CD and DVD optical formats used in consumer products suffer from the same limitation.

UDO media again offers a complete alternative to magnetic tape media and CD and DVD formats. Compliant Write Once UDO allows targeted files to be deleted with a single “shred” pass. Record level retention management is assured with full verification and no residual traces of the deleted files being left on the media.

Attributes other than record authenticity and disposition are also important. Access performance, capacity, media longevity, and total cost of ownership are also important factors. Networked compliant write once UDO media rates affirmative marks and low cost of ownership against the other media discussed here.

Read the entire white paper, The Impact of Compliance and Risk Management on Archival Storage Strategies, at

You may like these other stories...

The Financial Accounting Standards Board (FASB) had hoped to issue a final standard on revenue recognition during the first quarter of this year. However, the standard-setting organization confirmed today that the timetable...
IRS revokes group’s tax exemption over anti-Clinton statementsGregory Korte of the USA Today reported on Monday that the IRS has revoked the tax-exempt status of a conservative-aligned charity, the Patrick Henry Center...
The Penn State Smeal College of Business is offering a new concentration of courses for accounting majors interested in entering careers in corporate accounting and financial management immediately upon earning their...

Upcoming CPE Webinars

Apr 24
In this session Excel expert David Ringstrom, CPA introduces you to a powerful but underutilized macro feature in Excel.
Apr 25
This material focuses on the principles of accounting for non-profit organizations' revenues. It will include discussions of revenue recognition for cash and non-cash contributions as well as other revenues commonly received by non-profit organizations.
Apr 30
During the second session of a four-part series on Individual Leadership, the focus will be on time management- a critical success factor for effective leadership. Each person has 24 hours of time to spend each day; the key is making wise investments and knowing what investments yield the greatest return.
May 1
This material focuses on the principles of accounting for non-profit organizations’ expenses. It will include discussions of functional expense categories, accounting for functional expenses and allocations of joint costs.