This article can also be found in the Premium Editorial Download "Storage magazine: Learning data retention lessons from Warner Bros.."
Download it now to read this article plus other related content.
"Our needs weren't super-technical as far as needing a lot of different requirements that are policy related," says Matthew Barcus, senior manager, technology and Web services at KnowledgeWorks. As a nonprofit, KnowledgeWorks didn't have to worry about SOX compliance, although Barcus says the firm does its best to follow major regulations.
A more rigorous process is often required to make it easier to compare different vendors' offerings and ensure that the chosen product solves the problem. In addition, a more objective process should make it clear why certain vendors were eliminated and better define what's included in the deal with the winning vendor.
"RFPs ensure that you actually get real answers to real questions," says Dick Benton, principal consultant at GlassHouse Technologies Inc., Framingham, MA, and that you--not the vendor--are driving the procurement process. While it might seem practical to ask your storage vendor to suggest an archiving application that's compliant with an installed storage system, it's more important to make sure the archiving software meets the business needs of the company, advises Benton.
"The best practice, in all cases, is to pick the software and then pick the hardware," agrees Carolyn DiCenzo, a research VP at Gartner Inc. "Define your architecture and then find the pieces that make it work together."
There are several business needs to keep in mind, according to Benton. First,
Benton recommends that the IT department not take charge of the process. "God help the CIO who decides on the electronic retention policy without risk, legal or compliance management's input," he says. "Legal and compliance policies need to be clearly established and put down in writing."
If the company is buying archiving software to satisfy compliance laws, there may be other requirements as well, says Greg Schulz, founder and senior analyst at the StorageIO Group, Stillwater, MN. For example, you'll want to look at features associated with searching, such as classification, data indexing and support for advanced search capabilities.
You may also require "chain of custody" tracking that documents which users have touched or manipulated the data, as well as "litigation hold," which is the ability to put data associated with a legal matter into a special archive where it can't be changed or deleted. There may also be legal reasons why certain data must be destroyed after a specified time period.
This was first published in August 2007