This article can also be found in the Premium Editorial Download "Storage magazine: Using file virtualization to improve network-attached storage."
Download it now to read this article plus other related content.
Most compliance regulations stress that organizations have well-documented processes for storing and retrieving company records. Technology can help, but it's only part of the solution.
Selecting a storage product to improve your organization's compliance is like putting the cart before the horse. Before you evaluate products, you need to understand the business requirements and objectives of managing your data; the types of data your compliance program must address; and the legal, regulatory and business requirements for storing, retrieving and deleting data.
Legal and regulatory compliance requirements are changing electronic data retention and storage rules. New and revised laws dictate how securely certain records must be stored, how long they must be kept and even how quickly they must be retrieved. Your company's in-house legal team or outside counsel will play an important role in crafting a storage compliance policy that will be defensible and workable.
Financial reporting laws: Many laws and regulations require companies to retain financial records and report them to agencies such as tax authorities and securities regulators. The Sarbanes-Oxley Act (SOX) reinforces those requirements with additional controls and stronger penalties for noncompliance. Contrary to some vendor claims, SOX doesn't directly require longer retention of most financial records. However, it does require outside auditors to keep their work papers
This was first published in March 2007