Steve Tongish, Marketing Director EMEA at archiving solutions specialist, Plasmon
Globally there are hundreds of regulations governing the preservation and legal admissibility of digital data. Many European countries are not far behind the United States in defining and enforcing data regulations and there is growing potential for EU-wide legislation. Understanding exactly which regulations apply to your own company can be very complex. This may seem like an insurmountable challenge, but it is possible to deploy a foundation for compliance, without complete knowledge of regulatory obligations, which will support your compliance needs into the future and provide substantial business benefits.
The fundamentals of data regulations and compliance
Start by accepting the fact that regulations are here to stay. This means that the sooner your organisation addresses the fundamentals of the compliance challenge, the better off you will be. There are a few core requirements common to almost all data compliance regulations. Data needs to be secure, original and accessible over many years, and you must be able to hand it over to the regulator in short order if requested.
If you align your business practices and put in place technologies to support these fundamental requirements, you put your company in a very strong position for the future. Regulatory requirements are certain to get more complex over time, but with the foundations in place, you will be in a far better position to respond to demands for increasing sophistication. In addition, you will also be able to realise market advantage over less prepared competitors by having a better handle on your data assets.
Considerations for technology choices
One of the key building blocks in a compliance foundation is the storage solution used to archive essential digital records. Choosing an appropriate storage strategy can strengthen your ability to meet data authenticity requirements, provide greater overall system flexibility and reduce support and maintenance costs over the life of the archive. These are all issues that can enhance your ability to achieve regulatory compliance.
There are many technologies available for long-term storage of data, each with its own merits. However, with respect to building a foundation for compliance, you only need to compare their specifications against the required attributes. You should select a storage technology that delivers record authenticity, has long data life to reduce the frequency of data migration, and reduces the risk of data loss, corruption or tampering. Selecting a technology solution that meets these fundamental requirements will establish the best foundation for compliance and help you capitalise on the potential that lies within your data.
How implementing a solid foundation will help you comply
A good example of the value of a foundation that addresses the fundamentals of compliance can be seen in how the SEC measures regulatory compliance for their customers.
The Securities and Exchange Commission (SEC) is a US agency that has put in place a regulation that controls the retention and management of records related to the sale of US securities and applies to any financial institution worldwide selling US stocks and bonds. The regulation specifies the retention periods for the types of information that must be preserved for future reference and the SEC has the authority to audit companies for compliance.
The SEC does not attempt to certify specific technologies, but assesses the effectiveness of the total environment (process, procedure and technology). Given the rapid evolution of technology, this is a very common-sense approach to measuring compliance, one that supports the philosophy of establishing a compliance foundation that can be built upon to meet specific requirements.
The business benefits of a compliance foundation
There is a widely held view that compliance is something of a burden. However, deploying a regulatory framework will provide substantial long-term business benefit if the proper foundation has been laid. Compliance has as much to do with process and procedure as it does with specific software and hardware. For nearly every company, there is enormous value residing in its data, and that data should be viewed as an asset to be capitalised on. The processes and technology of a compliance foundation give the business the ability to access and realise that value more easily into the future.
Layered Compliance Foundation Structure
1 – Regulatory & Risk Management Policies
2 – Corporate Processes & Procedures
3 – Software Applications
4 – Storage Hardware
Even after the fundamentals are understood, developing a compliance framework is no small task. It will involve changing the way you do business and the technology that you deploy. Organisations that recognise the potential benefits and establish a foundation for compliance are in a far better position to support their compliance needs into the future and capitalise on the significant business opportunities that compliance presents.