Data Storage Compliance And Corporate Regulations
Data storage compliance and corporate regulations are having an impact on the storage organization as well as the management practices employed to retain, search, certify and destroy data. In spite of the many regulations that now govern records storage, there are no mandates or guidelines that dictate any implementation. Companies are often left idle in their quest to identify the regulations that relate to them, identify what data should be saved and implement storage to meet those various regulations. Many wonders what the essential goals of data storage compliance are?
The actual terms of each regulation on compliance vary dramatically, but storage compliance regulations typically focus on three distinct areas: retention, integrity, and security.
Retention will dictate how long data must be kept in storage, but stored data must also be quickly retrievable in the face of compliance audits or legal discovery. Search is a very serious issue with retention — an organization will need advanced tools to locate relevant data stored for 10 years, 20 years or longer. Data will also need to be readable over time, which can be a crippling problem as operating systems, email server versions or other elements of the storage infrastructure evolve with technology. For example, consider all email records saved today may not be readable by operating systems and applications 20 years from now — even if the media is completely intact.
Integrity is also called “immutability;” making sure that data has not been changed or lost because of corruption or media failure. Remember that tape had been the traditional immutable media for many years. However, disk-based write-once platforms, like content addressed storage (CAS), meet the high demands for rapid accessibility.
Then security, as it sounds, protects sensitive data from unauthorized access. Security is typically part of the storage platform (e.g., user authentication in a CAS platform), though we see encryption is taking on a more prominent role for tapes and file servers today. Regulators will often require companies to have policies and procedures in place to manage integrity and security.