Vendor Accent
Compliance: time to set the record straight
In recent years, compliance has become a hot topic in business because of some
high-profile cases where large corporations were fined for their failure to
keep proper records, says Sunny John.
New legislation and concerns about compliance have put data storage at the
top of the business agenda. But rather than adding an extra expense, this creates
an opportunity to implement best practices in data protection and improve the
methods used for back-up, recovery and archiving.
If companies can get their storage strategies right, they not only insure themselves
against prosecution but also establish a technology foundation on which to build
compliance and move towards future data management capabilities such as information
lifecycle management.
Storage strategies should not isolate compliance as a separate issue but incorporate
it as the central requirement. Developing strategies should also create an opportunity
for line-of-business managers to partner with IT departments, sharing knowledge
and working towards mutual goals.
Even though compliance is primarily a technological issue, just buying a product
can't solve the problem. Compliance is not a technology decision but a
combination of processes and procedures incorporated into an efficient foundation
of back-up, recovery and archiving. This means every enterprise must draw up
a plan for its storage of data, then execute this plan in a variety of different
business functions so that everyone has the same rulebook. If the plan is executed
well, it will also add value to the information owned by the organisation.
Ever-increasing data
Business is increasingly dependent on data and digital storage devices. Fast
and easy access to live and historical data is essential to business success,
adding value and reducing costs.
More than 90 percent of the information generated by business
today is in digital format, and 70 percent is never printed. Because digital
devices are so intelligent and easy to use, people produce much more data, thus
creating new problems for storage. According to IDC, the number of business
e-mails sent every day would be over 60 billion by 2006, with 60 percent stored
in messaging systems.
Apart from information overload, the chief problem is that the data is usually
stored on a wide range of devices in different locations; this makes it much
harder to manage and also tends to lower productivity.
Data protection
To ensure compliance and management of data, companies need strategies for data
protection that take account of three factors: existing regulations for the
storage of records, litigation risks, and internal operational use of the data.
Besides obeying the law, it is also important to ensure efficient back-up, recovery
and archiving to meet basic business objectives such as cost reduction, risk
management, productivity improvement and operational efficiency. It's also
important to make sure that all records are centrally managed, otherwise end-users
have too much responsibility and may delete data, by accident or by design.
Therefore, to make the plan work, every user should be trained.
Data protection should focus on administrative, technical and physical criteria, digital
as well as documents. Compliance requirements for digital data can be classified
in four main categories: integrity, retention, accessibility and auditability.
The systems used for back-up, recovery and archiving provide the foundation
for meeting these requirements.
Organisations need to maintain an available, verifiable and intact copy of data.
A solid framework of automated back-up infrastructure, procedures, verification
and offsite vaulting is needed to ensure data integrity even in the event of
physical or logical destruction.
Proper classification of data throughout its lifecycle is imperative. Regulations
may govern for how long data needs to be retained, and these requirements ought
to be part of the classification criteria. The requirements will, in turn, mandate
that data be stored in the most appropriate format and media, and migrated prudently.
Data accessibility requirements vary depending on the type of data. Organisations
need to be able to securely find and access data for discovery, so it's
vital to establish recovery time objectives for different classes of data and
assign the data to the appropriate, most cost-effective storage device. Maintaining
a well-ordered index and search capability also helps recover the data.
Policy implementation
Beyond managing data, organisations must ensure that their policies are working.
A secure, controlled audit trail should be maintained to track data creation,
changes and deletion, as well as access, permission and structural changes.
An efficient foundation of back-up, recovery and archiving combines appropriate
technology and best operational practices. If the business gains control of
its storage environment, it can achieve compliance and evolve to meet future
business objectives. By using a flexible, evolutionary approach to data protection,
it is also possible to cut the cost of ownership and increase confidence in
the integrity of the stored data.