Advanced data storage managementCompliance <<previous|next>> :Data storage compliance's impact on storage product choices
Are you ready for new compliance rules?
10 Mar 2007 | SearchStorage.com
Most compliance regulations stress that organizations have well-documented processes for storing and retrieving company records. Technology can help, but it's only part of the solution.
Selecting a storage product to improve your organization's compliance is like putting the cart before the horse. Before you evaluate products, you need to understand the business requirements and objectives of managing your data; the types of data your compliance program must address; and the legal, regulatory and business requirements for storing, retrieving and deleting data.
Legal and regulatory compliance requirements are changing electronic data retention and storage rules. New and revised laws dictate how securely certain records must be stored, how long they must be kept and even how quickly they must be retrieved. Your company's in-house legal team or outside counsel will play an important role in crafting a storage compliance policy that will be defensible and workable.
Financial reporting laws: Many laws and regulations require companies to retain financial records and report them to agencies such as tax authorities and securities regulators. The Sarbanes-Oxley Act (SOX) reinforces those requirements with additional controls and stronger penalties for noncompliance. Contrary to some vendor claims, SOX doesn't directly require longer retention of most financial records. However, it does require outside auditors to keep their work papers for seven years, which may require a public company's internal records to meet that standard. These retention requirements can apply to enterprise resource planning (ERP) database records; scanned documents such as invoices and contracts; spreadsheets and document files in file shares or document management systems; and even relevant email messages if they haven't been captured in some other form. Some of these records may also be subject to different retention periods set by additional laws or internal policies.