"Compliance is the fear and terror that they're putting into the hearts of CIOs, saying, 'If you don't get into compliance, you're going to jail,'" Scannell said at last month's Storage Decisions conference in Chicago.
That responsibility is falling squarely on the shoulders of IT managers, who are increasingly being asked to demonstrate proof--not just good intentions--of compliance. Federal regulators are saying, "'Show me. If you can't produce the evidence, you're not in compliance,'" he says.
Thankfully, most federal regulations aren't prescriptive--that is, they don't provide you with any hard and fast rules about what is or is not compliant. Instead, "they give you a blank pad on which you write your own lesson." Steps you can take toward compliance include developing a data classification model, documenting your processes and developing an audit process.
But "if you're going to focus on just one regulation now," Scannell suggests, "focus on e-mail management and archiving," which should take care of regulations such as Sarbanes-Oxley.
Requires Free Membership to View
When you register for SearchStorage.com, you’ll also receive targeted emails from my team of award-winning editorial writers. Our goal is to keep you informed on the hottest topics, the latest news and the biggest challenges you face as a storage professional today.
Rich Castagna, Editorial Director
This was first published in October 2003