The Impact of Compliance and Risk Management on Archival Storage Strategies

Electronic net media such as e-mail and instant messages have changed business to business transactions. The bulk of important business transactions such as contract negotiations, order issuance and acceptance, corporate communications and marketing programs, supply chain management, service and support, and investor relations are now done primarily using the Internet and these electronic media.

The legislative and regulatory burden on public companies, other businesses, and all industries have increased via the complex plethora of local, national, and international government and industry regulations. Detailed regulations seek to control financial records, legal and safety information, e-mail, instant messages, and access to personal and public records. The types of regulation data include record types to be retained (or data classes) and the retention period for each data class; best practice and storage technology for legal validity; and most important final destruction of expired records (or disposition).

Larger businesses have responded to the complexity of regulations by creating roles of Compliance Officer or Risk Management Specialist. They assess the burden of external regulation, defining their organizational internal risk management priorities and guidelines. Internal policies on archival storage are often exceeded while destruction of records is allowed to reduce corporate exposure.

This is also an opportunity for value-added channel partners to help these organizations. This is also an opportunity for the IT teams and departments to participate and share the challenges and business priorities of regulatory and risk management. Information Lifecycle Management (ILM) and flexible storage technologies including disk, optical and tape media are successful combinations.

Record authenticity requires the creation of multiple storage tiers (or classes) in order to meet cost efficiency and conform to availability and retention requirements. The multiple tiers allow data to be migrated to lower cost storage media and allow for reconfiguration and multi-site business continuity.

Tape-based storage is being supplanted by more disk-based storage systems for backup, archive, continuous data protection, and disaster management. Centralized storage provides benefits to administrators, users, and companies as well as the use of single networked tiered storage solutions.

Tape manufacturers have developed tape-based Write Once Read Many (WORM) technologies in response. These products including Advance Intelligent Tape (AIT), Linear Tape-Open (LTO), and Digital Linear Tape (DLT) use firmware and physical tabs to ensure data is not over written. Ultra Density Optical (UDO) is a disk technology that does not depend on firmware or physical tabs to ensure files can be written and not be erased or modified. UDO is considered “True” Write Once technology that provides unquestioned physical authenticity.

Record disposition is another major consideration. Destruction (or disposition) of data is at the heart of regulatory risk management. Detailed disposition is often specified. Deleting pointers to files or deleting keys to encrypted files is often not sufficient. Any files, encrypted or not, must be deleted on the storage media. Targeting sectors with a patterned sequence on magnetic disk media between 3 and 35 times ensures complete deletion of the content. This is called data shredding and set out in the Department of Defense specification DoD 5220.22-M.

Magnetic tape media is another story completely. Its sequential data format makes the deletion of discrete records or files impossible as deletion requires the physical rewriting of the media. CD and DVD optical formats used in consumer products suffer from the same limitation.

UDO media again offers a complete alternative to magnetic tape media and CD and DVD formats. Compliant Write Once UDO allows targeted files to be deleted with a single “shred” pass. Record level retention management is assured with full verification and no residual traces of the deleted files being left on the media.

Attributes other than record authenticity and disposition are also important. Access performance, capacity, media longevity, and total cost of ownership are also important factors. Networked compliant write once UDO media rates affirmative marks and low cost of ownership against the other media discussed here.

Read the entire white paper, The Impact of Compliance and Risk Management on Archival Storage Strategies, at

You may like these other stories...

Remember the old joke about the devil showing a guy around Hell? There were great parties, swimming pools, and sumptuous food. The guy liked what he saw, lived a bad life and went to Hell when he died. Upon arrival the devil...
Due to fierce competition in the accounting industry, some CPAs may feel pressure to compete for business using pricing alone. However, this is a losing battle in the long run: Competing on price will lead to the need for...
If the thought of blogging makes you as nervous as an executive facing an IRS audit, stop worrying. You can overcome your challenges with these tips.1. Blogging is good for business. You'll benefit as your blog displays...

Already a member? log in here.

Upcoming CPE Webinars

Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.
Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.