Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


May 2005

6 Essential Storage Strategies to Meet Compliance Needs

Use this checklist to help you determine what storage and data-protection solutions you need to invest in as part of your compliance project
From the May 2005 Edition
of Windows IT Pro
David Chernicoff
Feature
InstantDoc #46313
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Backup and Recovery Articles Here | Reprints
Or get the Monthly Online Pass—only $5.95 a month!

1. Determine how well a storage solution will fit your existing business processes. At least as important as whether a storage product supports the regulations that affect your organization is how well the product meshes with your existing business processes. A product that doesn't fit in with your company's operations will require you to change processes to match the way the product works, an option that few organizations will find acceptable.

If, of course, your organization must alter its processes to comply with the appropriate regulations, you have a bit more flexibility in your choice of solutions. Nevertheless, the products that introduce the fewest changes will have the least negative impact on your day-to-day operations.

2. Make sure your solution meets the full spectrum of compliance requirements for your industry. Storage-compliance requirements generally fall into three categories: data security, access control, and historical availability of data. Typically your OS handles security and access control. The requirements for an industry could include any or all of these categories and will usually require an end-to-end solution that provides the same compliance requirements throughout the lifecycle of the affected data. Keep in mind that the physical storage system you use isn't really the issue; the software that uses your storage will maintain regulatory compliance. The number-one rule is that your storage solution must be able to maintain each individual record for as long as necessary and in a way that prevents alteration of records.

3. Assess your backup strategy and, if necessary, modify it to meet compliance requirements. The storage-specific issue that's most relevant to regulatory compliance is backup. In most cases, traditional backup solutions don't address the full range of compliance issues. To maintain compliance, you must keep data backups secure. Backed-up data must meet the same archiving regulations as live data. Depending on which set of compliance regulations you're following, you might have to maintain online, nearline, and offline data backups and have in place a lifecycle process that moves data to the required location in that tree so that the data meets availability standards.

Disaster recovery solutions are no longer just simple backups. Now, you must maintain backup data so that it retains all the details that comprised the original records, not only the raw data. Furthermore, offsite disaster recovery storage must meet the same data-security standards as your primary data store.

4. Choose unalterable backup media. Because many compliance regulations prescribe data-retention periods, your data-lifecycle process will require the use of storage media that lets data be written but not altered. Therefore, you should consider using optical technologies—such as write once, read many (WORM), or tape technologies, such as DLTIce, which let data be appended to a record but don't allow overwriting—as standard tools for storage compliance. Keep these offline records in mind when you create your disaster recovery plan because you'll need to be able to recreate them as well as live data. Also keep in mind that even offline storage methodologies must be able to find and restore required records promptly.

5. Make sure you can migrate stored data. When choosing storage technologies, consider how easily you can migrate stored data to next-generation systems. Examine your current environment and determine how many of your storage systems have been in use for the last 6 years. If you migrate to newer-generation storage technologies, you must be able to move all data affected by compliance regulations to its new home.

6. Maintain an easily accessible audit trail. Compliance regulations require that a business maintain the chain of custody of any record that's affected by such regulations. This means that any access that might modify an affected record be recorded and that this audit data be easily accessible. You must track not only access that can modify the record but possibly also any access to the record, to ensure that your organization adheres to confidentiality requirements.

End of Article

Reader Comments

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
The Memory-Optimization Hoax

Don't believe the hype. At best, RAM optimizers have no effect. At worst, they seriously degrade performance. ...

How can I uninstall the Microsoft Java Virtual Machine (JVM) from Windows XP?

...

What service packs and fixes are available?

...
Storage Whitepapers Double-Take Virtual Systems and Disaster Recovery

Protecting Microsoft SharePoint with Double-Take for Windows 5.0

StoreVault SnapManagers for Microsoft Exchange and SQL Server
Related Events Check out our list of Free Email Newsletters!
Storage eBooks A Guide to Windows Disaster Recovery and Backup

A Guide to Windows Certification and Public Keys

SQL Server Administration for Oracle DBAs
Related Storage Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.


ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

Critical Challenges of ESI & Email Retention
Are you storing too much electronic information? Get expert legal advice and better understanding of what you are required to do as an IT professional.

Become a fan of Windows IT Pro on Facebook!
Join us on Facebook and be a fan of Windows IT Pro!

Sustainable Compliance: Are You Having a Resource Crisis?
Read this white paper to examine trends in compliance and security management and review approaches to reducing the cost and operational burden of compliance.

Rev Up Your IT Know-How with Our Recharged Magazine!
The improved Windows IT Pro provides trusted IT content with an enhanced new look and functionality! Get comprehensive coverage of industry topics, expert advice, and real-world solutions—PLUS access to over 10,000 articles online. Order today!

Get It All with Windows IT Pro VIP
Stock your IT toolbox with every solution ever printed in Windows IT Pro and SQL Server Magazine plus bonus Web-exclusive content on hot topics. Subscribe to receive the VIP CD and a subscription to your choice of Windows IT Pro or SQL Server Magazine!



Order Your Fundamentals CD Today!
Gain an introduction to Exchange, learn server security requirements, and understand how unified communications can play a role in your messaging strategies with this free Exchange CD.
Windows IT Pro Home Register About Us Affiliates / Licensing Media Kit Contact Us/Customer Service  
SQL Connected Home IT Library SuperSite FAQ Wininfo News
Europe Edition Office & SharePoint Pro Windows Dev Pro Windows Excavator 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing