When it comes to data retention, there are no more casual Fridays—it’s buttoned-down, serious business with potentially grave consequences for non-compliant records protection and retention. And compliance regulations don’t distinguish between data center and remote office data—if it’s one of your sites, it’s your data and you’re responsible.
So what exactly are the consequences of non-compliance? To your company, non-compliance can mean financial penalties, reduced stock value, loss of customer confidence and lost sales revenue. But it’s the personal costs that can be the most fear provoking. Non-compliant behavior can mean job loss, financial penalties, and yes, even handcuffs—miss the boat on HIPAA regulations, for example, and you could find yourself up the river for five to ten
[Source: ESG Impact Report, Compliance, Feb 2006].
The good news is that there’s plenty of help available. Technology vendors are offering an increasing portfolio of solutions to help enterprises address issues of compliance. While the program that works best for each organization will most likely be a customized blend of platforms, applications, media, etc., every technology solution should integrate a mechanism for protecting ROBO data. Otherwise, no matter how much your company invests in securing its data center, your remote office data could turn out to be your Achilles heel, putting you at risk for serious non-compliance penalties.
Our compliance engineers will analyze your company’s specific needs to customize a data protection solution that is compliant with current laws and regulations. Whether you are in the healthcare, pharmaceutical or financial industry, whether you have one remote office or fifty, CRC can make sure that your data policies are compliant.
When you consider a data protection service provider, there are three critical compliance elements that you should look for, regardless of which specific regulations apply to you.
Secure, Long-Term Data Protection
The graphic figure below shows some of the records-retention periods mandated by regulations in the U.S.
Retention periods can range from a few years to 30 and more. Sarbanes-Oxley, for example, states that companies must save electronic records and messages (email/Instant Messages) for at least five years to ensure that auditors and other regulators can easily obtain requested documents. Basel II requires banks to maintain three to seven years of data history.
Fast Data Accessibility & Recoverability
Many companies admit that with their existing tape backup/recovery systems, responding to a request for data might take days or weeks. Protracted searches can mean not being able to satisfy regulatory requests or not producing data in time to fend off litigation.
Controllable Disposition of Data
Destroying data on time is just as important as securely retaining it. Backup Lifecycle Management (BLM), is a critical element of controlling backup and archive (non-active backups) copies of data as part of the total lifecycle of the data. If you think you’ve destroyed certain data, but there is a long-lost backup copy left behind, it could impose unnecessary risk. Being able to align your backup retention policies with primary data retention policies is essential.
CRC Data Protection D2D (disk-to-disk) backup and recovery technology addresses each of these critical requirements, enabling cost-effective data protection, rapid recoverability, and seamless backup lifecycle management of data center and remote office data.
Our Features
|
Issue
|
Benefit
|
|
ROBO data consolidated to data center
|
Rules apply to ALL data |
Integrates ROBO data
into enterprise compliance |
|
Efficient, one-step backup
|
Offsite storage/vaulting |
Fast backup combined with offsite storage in a single, automated process |
|
Detailed reporting
|
Proof of access, authenticity and auditability |
Provides clear idea of chain of custody of stored information |
|
256-bit AES in-flight and at-rest encryption; non-escrowed keys; password protection
|
Compliant over-the-wire encryption; controlled accessibility |
Data transfer and storage meets confidentiality and security standards, even if data is compromised in the data center. Encryption and non-escrowed keys are critical, for example, for clinics that back up to centralized HMOs and need to ensure no breach to HIPPA regulations. |
|
Multi-level access controls
|
Controlled accessibility |
The SEC says that IT departments must implement processes that answer rules such as accessibility. CRC Data Protection enables user-to-system administrator, fine-grained access control. |
|
Searchable disk-based records
|
Discovery and response to regulatory requests |
Produce documents on-demand and in a timely manner to address regulatory and litigation-related requests |
|
Message-level restore
|
Recoverability |
Fast retrieval of single emails, files and volumes |
|
Backup lifecycle management (BLM)
|
Long-term retention
|
Easily manage backup data through its lifecycle to provide maximum data protection at the most affordable cost. Data Protection recognizes multiple tiers of backup data—from mission-critical to aged versions. When data is no longer needed for day-to-day operations but must be kept for compliance, Data Protection allows the backup archive to be moved to less expensive disk or migrated to tape with HSM third party software. When IT deletes the primary data at a specified time, the backup data and the archived backup data are also destroyed. |
|
Destruction with digital certificate; destroy by date or event
|
Retention and accessibility |
Further reduce liabilities by ensuring end-of-retention automatic destruction of data. Digital certificate certifies data is permanently destroyed and inaccessible with no forensic recoverability. |
|
Single-pane-of-glass management
|
Accountability; executive liability |
Simplifies management and control of multiple sites; facilitates executive sign-off
|
|
No capacity limits
|
Long-term retention and expanding regulatory requirements |
Unlike tape-based backup and competitive D2D products, Data Protection imposes no capacity limits—the solution seamlessly scales to accommodate data growth and expanding regulations/retention periods. |
|
Ensured recoverability
|
Data accessibility, recoverability, and legibility for full retention period |
Data Protection technology captures the software version to ensure recoverability of old files. Eliminates issues of aging technology and tape formats that might not be readable in the future. |
