CAEN Engineering Call 866-651-6036
iStoRA: Regulations and Compliance

Regulations – like Sarbanes-Oxley (SOX), HIPAA, and SEC17a-4, to name just a few – are not just for the big companies. In many cases, small and mid-size companies must take action to comply with regulations as well. Most small businesses are barely managing basic backup and recovery effectively. Now they face the need to expand their backup and recovery infrastructure to manage and protect more data, more systematically, and over longer periods of time.

What are the regulations?
Sarbanes-Oxley (SOX) – federal legislation passed in 2000 to restore public trust in the nation’s financial markets, in the wake of Enron and other financial and accounting scandals. SOX applies to publicly traded companies and addresses the transparency and integrity of internal financial processes. It sets forth new records retention and financial reporting responsibilities, and holds CEOs and CFOs accountable for the accuracy of their financial statements.

Health Information Privacy and Accountability Act (HIPAA) – federal legislation passed in 1998 to address issues of patient privacy and access with regard to medical records. HIPAA mandates the retention of some medical data for the life of the patient plus five years, and calls for policies and procedures to ensure the integrity, availability and privacy of electronic protected health information throughout the retention period.

SEC 17a-4 refers to Section 240.17a-4 of a regulation issued by the U.S. Securities and Exchange Commission (the SEC). Some key provisions of SEC 17a-4 are: preservation of records exclusively in a non-rewritable and non-erasable format, an audit record to verify data authenticity, redundant preservation of records separate from the original, and ready accessibility of records upon request.

Companies are re-assessing their data storage systems with an eye toward implementing an effective regulatory compliance program, while keeping costs down and minimizing the administrative burden. Widely publicized expectations of more stringent enforcement and penalties for non-compliance add to the urgency of implementation.

In the compliance environment, it’s clear that the business value of data varies considerably over its lifetime, and the differential cost of storing it on-line, near-line, or off-line is significant. At the same time, the cost-effectiveness of your long-term storage solution has to be balanced with the regulatory requirement for fast and efficient retrieval. Conventional backup / recovery systems, the choice of many SMBs, are likely to be inadequate to meet this challenge, which highlights the inherent limitations of both tape (chiefly in data transfer speeds) and disk (chiefly in scalability and cost). Yet both disk and tape have specific advantages as well – and a backup / recovery solution that supports regulatory compliance needs to leverage those advantages to keep the cost affordable for the SMB.

Regulatory compliance also means special handling to ensure and verify data authenticity throughout the retention period. Both HIPAA and SEC 17a-4, for example, specify preservation of records exclusively in a non-rewritable, non-erasable format. This is typically done through write-once-read-many (WORM) protection technologies, as well as with write-verification processes that are part of the data management software. What’s more, regulations require businesses to ensure that data is appropriately deleted from storage at the end of the required retention period – calling for a data lifecycle management approach, rather than a strictly storage-focused approach.

What’s needed is a solution that meets the requirement for special handling of archival data, and has the intelligence to direct data to the most cost-effective and appropriate media for its value at any given time in the data lifecycle. Backup and recovery systems are not adequate. Disk-only and tape-only systems do not provide sufficiently fast access or cost effectiveness. But a disk-to-disk-to-tape (D2D2T) solution with the right archive management system does!

The Breece Hill iStoRA™ for Archive and Compliance is an integrated D2D2T appliance preloaded with XenData’s Archive Series™ software. The iStoRA 4U appliance features 2 to 3.2TB of disk, a 1 x 10 tape autoloader, a high performance Intel server running a Windows 2003 Server operating system, and network connectivity – everything needed to implement a complete archive and compliance solution. It is designed specifically for SMBs as an affordably priced, single-box, plug-and-play system.

The iStoRA™ for Archive and Compliance delivers a robust suite of data management features including:

  • Hierarchical storage management based on de-migration
  • Files written automatically and simultaneously to disk and tape
  • Data protection via continuous backup and tape replication
  • File level search and recovery, whether on disk or tape, online or offline
  • WORM support

>> iStoRA PDF Datasheet (PDF, 733KB)

© 2005, Caen Engineering