Part and parcel of most government regulations is that you back up your systems and be prepared to prove it. "The problem that arose with Enron and companies like that is that the judge would ask for the data, and they'd answer 'Oh, the data was deleted' or 'The backup didn't work,'" says Ken Barth, president and CEO at Tek-Tools, which makes the Profiler Rx suite of storage management software.
"It's not enough to try to comply," says Mark Silverman, president and CEO at Bocada, whose BackupReport software reports on the effectiveness of various backup jobs. "You need to document that the controls are there, [and then] audit and measure the performance of those controls on a regular basis."
When Bocada announced it had upgraded BackupReport to version 3.5 last month, the company also highlighted the software's ability to create an auditable track record of your backup activity. To be sure, BackupReport left an audit trail in prior versions as well, says Steve Duplessie, founder and senior analyst at Enterprise Strategy Group, Milford, MA, "but now it's been hardened to get the compliance rating." As such, it becomes "another tool in your toolbox to make the [compliance] process easier," he says.
According to Barth, the Profiler Rx suite is also used for compliance reporting, thanks to its extensive customizable reporting capability and the audit trail it leaves behind.
Tek-Tools, however, has resisted the notion of bringing to market a compliance version of Profiler Rx. That's because the reports customers are using to prove compliance are all slightly different from one another, says Barth. "They're in different industries and use different auditing firms," Barth says, which all have slightly different interpretations of a given regulation.
Thus far, the Tek-Tools reports are passing muster with auditors, claims Barth. "We're fitting the bill," he says. Whether or not backup reports will impress a judge is up for debate. But, according to Barth, one thing is sure: "The more you can show about your backups from a reporting perspective, the more you can show these people you didn't do anything malicious."