Compliance
Data Storage and Archival Compliance is a real market force and will drive adoption of content management solutions that include Permanent Records Management as a cornerstone. Legislative mandates in the United States, including Sarbanes-Oxley, HIPAA, the Patriot Act, and SEC regulations, will cause companies and organizations to get their content "houses" in order or face significant negative consequences to the business. Some of the regulations and acts pertaining to RM include:
• The Sarbanes-Oxley Act - for falsification of records and e-mail, with retention and deletion guidelines
• HIPAA (Health Insurance Portability and Accountability Act) - for medical images and records
• SEC Rule 17a-3 and 17a-4 - regulating brokerage businesses
• BASEL II, Gramm-Leach-Bliley Act and FDIC regulations - for banking and finance
• USA FDA 21 CFR Part 11 - for bio-tech and pharmaceutical standards
There are numerous other regulations still under review.
Of the hundreds of "Compliance" regulations in the United States, nearly all include electronic record preservation and retention requirements. Regulatory compliance legislation places strict requirements on the storage, protection and distribution of these volumes of information. It also specifies requirements for assuring the accurate preservation of the information and for providing controlled access to it. As a consequence, today's IT environments demand solutions which facilitate this compliance while simultaneously delivering on-line access, WORM file attributes, and a reasonable Total Cost of Ownership.
Management tasked with implementing electronic records systems must meet the formidable and critically important challenges of operating these systems in accordance with the applicable laws and regulations. To that end, they must reduce the legal, regulatory and business risks involved in the capture, storage, distribution and reproduction of their electronic records.
Throughout the numerous statutes and regulations that have promulgated electronic record legislation, there is a common set of foundational requirements regarding the use and acceptance of electronic records:
• The records must be authentic and there should be proof that they are what they purport to be
• The integrity of the records must be protected from alteration or deletion as long as the records are retained
• Records may not be distributed, copied or viewed without proper consent
• The records must be readily accessible when required
• When retrieved, the records must be capable of being processed (by available hardware and software) and reproduced in a format that can be read by a person
In selected regulations, and in all good practices related to electronic records storage, a duplicate “recovery” copy of the original electronic record is required and in specific cases it must be kept at a separate geographical location.
An increasing number of laws and regulations now require that an audit trail be produced and retained as a means of tracking any possible alterations to, unauthorized access to, or distribution of the record. Audit trails must also be provided to monitor other events such as the migration of the record, e.g., the transfer of records from one medium to another. For these reasons, data storage systems must also provide these controls and functions:
• Unauthorized access control
• Physical and logical security over information systems, processes, and communications
• Monitoring, auditing, and reporting
• Business continuity and disaster recovery
• Encryption in transit and at rest
• Access and restriction controls
Organizations need to conduct a thorough evaluation of their current policies and practices, and based on their findings, develop a forward-looking strategy. In addition to meeting their individual compliance and best practices requirements, companies also need to implement long-term data protection strategies that leverage and integrate within their existing infrastructure.
In meeting these compliance obligations, many organizations are achieving a more efficient use of capital resources by employing partners that can help them manage such a dynamic and complex volume of information. These partners play a strategic role, advising management on the proven policies, products and technologies which are collectively required to enable compliance.
Digital Archive Solutions offers various solutions which provide cost-effective and reliable methods of meeting these data storage challenges and requirements. We partner with leading storage hardware manufacturers and software developers to assure compatibility and performance. We concentrate on select providers who have proven their superior capabilities in product development, technical support, and integrity.