Compliance perceptions

It has come as a shock to many senior managers who have taken the time to pore over the details of the wealth of new legislation impacting their corporate behavior. But the message – whether it appears in the small print of Europe's data protection laws, the Basel II global financial services code, the US-created but globally applied corporate governance statute, the Sarbanes-Oxley Act, or the security breach disclosure bill, California SB 1386 – is clear: failure to comply can severely damage the business – its reputation, its balance sheet and even the liberty of company officers who have to affirm that their organisation adheres to the new rules.

 
 

Which of the following most accurately reflects your organisation’s attitude to compliance?
Source: infoconomy.com
 

That has raised the issue of compliance to a hitherto unimaginable level on the corporate agenda. Gaining the attention of the board has perhaps been the easiest part. With today's businesses awash with data – from customer records, to sales data, to email – ensuring that the business is ‘compliant’ requires a whole raft of new technology and processes to meet the strictures of the numerous pieces of legislation, and also a whole new layer of systems and processes to show that the business is following them.

That has thrust IT into a central role in the pursuit of compliance: IT staff are being called on to evaluate current practices and establish new standards around areas such as data access and storage; and to implement technologies such as email archiving and financial reporting tools to ensure auditability.

Those major shifts were highlighted in a recent survey on compliance undertaken by Information Age and data recording media company Fujifilm. But the research – conducted via Information Age's web site Infoconomy.com – also threw up plenty of surprises.

Funding problems

For one, the concern of senior management about compliance is not always matched by funding. Less than a quarter of respondents reported receiving additional budget to support compliance initiatives. And of those that did see more cash, 30% said money had been diverted from other IT projects.

Despite that, compliance is viewed overall as having a positive impact. An overwhelming majority (65%) said that compliance pressures had been a helpful driver in improving processes and ensuring the upgrade of internal systems.

There was also a clear recognition that regulations have prompted improvements to data handling practices. That was reflected in widespread confidence among respondents that the data being held by their organisation is both accessible and secure: 85% were moderately or totally confident in their practices.

 

   
 

What storage technologies play a significant part in ensuring your organisation’s ability to meet compliance obligations?
Source: infoconomy.com
 
   

 
 
 

Such confidence suggests that at least one aspect of compliance is well understood – high-quality, high-volume storage media are required if organisations are to trust they can access backed-up data, whether that is held on tape, disk or optical disks.

But within those broad categories, there are choices to be made that have an impact on an organisation's ability to meet its compliance obligations. One key feature used in compliance has been ‘write once, read many’ (WORM). This allows backed-up data to be easily accessed but not overwritten, altered or erased.

For many years, WORM optical disks have been used by organisations to protect data from modification or tampering, but more recently that capability has been extended to the two main tape formats – Super DLT and LTO.

The adoption of WORM technologies for compliance purposes is still building. The survey showed that around one in 10 companies use either WORM disks or tapes for compliance.

Writing data to media a single time may increase confidence in the reliability of any future retrieval. However, many organisations simply do not check the readability of their stored data. The research showed that a fifth of respondents did not know how their organisation ensured tapes were in good order and 12% said tapes were never checked.

Given the threat that now accompanies the loss, theft or corruption of key data – everything from a fine to a jail term – there is perhaps a need for executives to spend more time reading the regulatory small print and contemplating the consequences.

   
 

How have compliance issues impacted your organisation’s IT budget?
Source: infoconomy.com
 
   

   
 

Which of the following changes in legislation, regulations or industry standards increased compliance pressures at your organisation?
Source: infoconomy.com
 
   

   
 

How does your organisation ensure the integrity of the physical back-up tape over time?
Source: infoconomy.com
 
   

   
 

How long does your organisation typically retain the data required to meet its compliance obligation?
Source: infoconomy.com
 
   

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...
