This article can also be found in the Premium Editorial Download "Storage magazine: Low-cost storage pieces fall into place."
"Compliance is the fear and terror that they're putting into the hearts of CIOs, saying, 'If you don't get into compliance, you're going to jail,'" Scannell said at last month's Storage Decisions conference in Chicago.
That responsibility is falling squarely on the shoulders of IT managers, who are increasingly being asked to demonstrate proof--not just good intentions--of compliance. Federal regulators are saying, "'Show me. If you can't produce the evidence, you're not in compliance,'" he says.
Thankfully, most federal regulations aren't prescriptive--that is, they don't provide you with any hard and fast rules about what is or is not compliant. Instead, "they give you a blank pad on which you write your own lesson." Steps you can take toward compliance include developing a data classification model, documenting your processes and developing an audit process.
But "if you're going to focus on just one regulation now," Scannell suggests, "focus on e-mail management and archiving," which should take care of regulations such as Sarbanes-Oxley.
This was first published in October 2003