Your Legal Responsibilities
Archiving the organisation's data used to be a backroom activity and the sole concern of the operations department. Business users and system designers only needed to know that their data was being stored somewhere safe to be retrieved in an emergency. Now, stringent data security demands from business regulators and the rise in legal discovery requests, require a better approach to archiving.
Regulatory compliance is rapidly climbing the 'must do' list for all companies, with governments requiring Directors to take more personal responsibility for securing electronically stored data to minimise the risk to their own organisations and those who deal with them.
It is self evident that any organisation that can effectively manage, aggregate and deliver all of the information at its disposal, can deliver a more efficient business than its competition. Conversely, the failure of an organisation to handle its data risk effectively can mean loss of business, loss of market position and loss of shareholder value and a potential personal liability of the Company Directors.
There is a deluge of new legal and regulatory requirements, which can affect businesses of all sizes, and present yet another responsibility for the IT manager. These legal responsibilities are often targeted at specific sectors of industry but there is one common factor, namely email. This is all being layered onto existing home grown legislative requirements. What they all have in common is that Company Directors are increasingly becoming personally liable for the maintenance of email records and the actions of employees who send email. Compliance is compounded by issues such as what legislation applies, which emails must be kept and which can be deleted. The skill sets to bridge the legislative arena, the business process, the organisational disciplines behind it and the technological tools available to implement a solution are few and far between; yet doing nothing is not an option. Working through your business issues with NetBax can be an effective starting point for creating your data storage strategy for both today and tomorrow.
However, compliance requirements are actually statements of best practice around which a long-term strategy for data storage can be based. The problems arise when these statements of principles need to be translated into a technology solution and the exact requirements can be open to interpretation. For example, is it sufficient to have data secured by having a separate backup data centre capability located greater than 25 miles from the main data centre or would less than that distance be adequate and do your backup tapes need to be encrypted if they leave the relative security of your Data Centre?
NetBax have found that many customers find decision-making in this area to be fraught with pitfalls. IT Managers feel obliged to take action, not knowing where to turn to for reliable advice, having to implement solutions knowing that failing to respond appropriately can lead to loss of revenues, share value and market position for their organisation if the solution does not satisfy the regulatory authority.
However, with some thought and analysis the regulatory requirements and responsibilities for electronically stored data can be sub-divided into four main areas:
Creating compliance solutions based on these areas can be facilitated by a structured approach such as the following:
- Understand the business process that the IT is supporting
- Architect a solution around the business requirement
- Develop a data security strategy for data in transit and at rest
- Create IT based policy sets and infrastructure that will not only maintain the essentials of the organisation's function during a period of disruption but also deliver a system for restoring the organisation to a full operation over a pre-defined period
- Overlay the data storage architecture with a system for managing, archiving, retrieving and searching for the data stored across the IT environment
- Document policies, processes and change management requirements to ensure that future enhancements integrate seamlessly into the system that has been created
NetBax demonstrates to its customers how with a structured approach, compliance can be turned into an opportunity rather than a threat. Implementing regulation and compliance may seem like a drain on resources but can actually offer the opportunity to make savings through increased efficiency, which can quickly benefit the company as a whole.
As a result of advice provided by NetBax, more and more companies are using compliance as an opportunity to implement enhanced formal business processes and reporting which can be translated into new data storage architectures. Properly introduced and executed, this creates an opportunity to identify inefficiencies, overlaps and duplication in the usage of data storage assets. The consolidation and rationalisation of data storage using the latest virtualisation technologies is driving force for even greater efficiencies and economies of scale. Although compliance in itself is ultimately a risk limitation exercise, it can also be a business driver that delivers greater efficiencies and in turn financial savings for the IT department.
A compliance strategy based on an open storage networked solution can add value to the whole business through the introduction of effective technologies and practices, facilitating improved use of existing data storage assets while future proofing the organisation against inevitable change.
Compliance may seem an insurmountable challenge for some IT Managers, but for organisations that work with the right partners they will come through the process as stronger, healthier businesses.
