Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

A guide to establishing compliance foundations

Storage Expo : 23 September, 2008  (Technical Article)
Steve Tongish of Plasmon explains the basics of building a compliant environment for meeting regulatory requirements
Globally there are hundreds of regulations governing the preservation and legal admissibility of digital data. Many European countries are not far behind the United States in defining and enforcing data regulations and there is growing potential for EU wide legislation. Understanding exactly which regulations apply to your own company can be very complex. This may seem like an insurmountable challenge but it is possible to deploy a foundation for compliance, without complete knowledge of regulatory obligations, which will support your compliance needs into the future and provide substantial business benefits.

The fundamentals of data regulations and compliance:.

Start by accepting the fact that regulations are here to stay. This means that the sooner your organisation addresses the fundamentals of the compliance challenge, the better off you will be. There are a few core requirements common to almost all data compliance regulations. Data needs to be secure, original, accessible over many years and you must be able to hand data over to the regulator in short order if requested.

If you align your business practices and put in place technologies to support these fundamental requirements, you put your company in a very strong position for the future. Regulatory requirements are certain to get more complex over time, but with the foundations in place, you will be in a far better position to respond to demands for increasing sophistication. In addition, you will also be able to realise market advantage over less prepared competitors by having a better handle on your data assets.

One of the key building blocks in a compliance foundation is the storage solution used to archive essential digital records. Choosing an appropriate storage strategy can strengthen your ability to meet data authenticity requirements, provide greater overall system flexibility and reduce support and maintenance costs over the life of the archive. These are all issues that can enhance your ability to achieve regulatory compliance.

There are many technologies available for long-term storage of data, each with their own individual merits. However, in respect to building a foundation for compliance, you only need to compare their specifications against the required attributes. You should select a storage technology that delivers record authenticity, has long data life to reduce the frequency of data migration, and reduces the risk of data loss, corruption or tampering. Selecting a technology solution that meets these fundamental requirements will establish the best foundation for compliance and help you capitalise on the potential that lies within your data.

A good example of the value of a foundation that addresses the fundamentals of compliance can be seen in how the SEC measures regulatory compliance for their customers.

The Security and Exchange Commission (SEC) is a US agency that has put in place a regulation that controls the retention and management of records related to the sale of US securities and applies to any financial institution worldwide selling US stocks and bonds. The regulation specifies the retention periods for the types of information that must be preserved for future reference and the SEC has the authority to audit companies for compliance.

The SEC does not attempt to certify specific technologies, but assesses the effectiveness of the total environment (process, procedure and technology). Given the rapid evolution of technology, this is a very common sense approach to measuring compliance; one that supports the philosophy of establishing a compliance foundation that can be built upon to meet specific requirements.

There is a widely held view that compliance is something of a burden, However, deploying a regulatory framework will provide substantial long-term business benefit if the proper foundation has been laid. Compliance has as much to do with process and procedure as it does with specific software and hardware. For nearly every company, there is enormous value residing in their data and it should be viewed as an asset to be capitalised on. The ability that the processes and technology of a compliance foundation brings is for the business to more easily access and realise that value into the future.

Compliance Foundation Structure:.

* Regulatory & Risk Management Policies.
* Corporate Processes & Procedures
* Software Applications
* Storage Hardware

Even after the fundamentals are understood, developing a compliance framework is no small task. It will involve changing the way you do business and the technology that you deploy. Organisations that recognise the potential benefits and establish a foundation for compliance are in a far better position to support their compliance needs into the future and capitalise on the significant business opportunities that compliance presents.

Plasmon is exhibiting at Storage Expo 2008 the UK's definitive event for data storage, information and content management. Now in its 8th year, the show features a comprehensive FREE education programme and over 100 exhibitors at the National Hall, Olympia, London from 15 - 16 October 2008
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo