Compliance: The effect on information management and the storage industry
Published: May 2003
By Peter A. Gerr, Brian Babineau and Patrick C. Gordon, The Enterprise Storage Group
Editor's note: Establishing proper records retention policies for today's virtual records is on the minds of many storage managers. And, with good reason. IT staffers manning the controls behind today's financial services, healthcare and publicly-traded companies are even now struggling to understand the latest torrent of legal mandates that dictate how long certain data should be stored and in what capacity. They are weighing both the cost of compliance and the potential cost of noncompliance.
To shed more light on this issue, the editors turned to the Milford, Mass.-based Enterprise Storage Group, a storage analyst firm who recently produced its own few hundred page report on compliance legislation, its impact on the storage industry and various vertical, corporate markets. For the benefit of our readers, we've excerpted portions of this report's executive summary here. (To purchase the full report or to inquire about receiving a free chapter download related to your industry, go to the Enterprise Storage Group Web site).
Main research themes
Research scope and highlights
Compliance in the financial services industry
Compliance in the life sciences industry
Compliance in the healthcare industry
Compliance in the government industry
The challenges and complexities involved in addressing compliance are magnified by the current knowledge gap between regulated industries and the technology vendors trying to capitalize on the perceived opportunities.
Technology vendors' confusion with and misinterpretation of the regulations adversely affects the credibility of the products, solutions, and marketing messages they develop to address compliance needs.
The good news for storage technology vendors in 2003 is that their customers' lives are getting more complex. Storage capacities under management continue to increase rapidly even in a down economy, and there is a new wave of complexity coming, one that will impact not only the IT departments but will have equal if not greater impact on the business professionals within organizations across every industry.
This new wrinkle is compliance and the currency is information.
The management of compliant records is poised to have an enormous material effect on the global IT community even while it challenges all technology vendors to educate themselves and prepare to meet this new opportunity.
Over the past decade, information, in many forms, has become the focal point of various regulations and laws. Information -- like any other hard asset -- needs to be protected, monitored, maintained, exchanged and secured.
Our research found more than 10,000 laws and regulations in the United States alone drafted by federal and state legislative bodies. A common thread running through these regulations is that they address "records," information that takes many of the forms discussed earlier. These regulations also address the process by which records must be created, stored, accessed, maintained, and retained over increasingly long periods of time (in some cases, beyond the life of a human).
Chart 2: The compliance landscape is a minefield
(Chart 2 excerpted from full report)
With constant news of corporate misdeeds, accounting scandals, and securities fraud throughout the past 24 months, followed by unprecedented fines levied by the Securities and Exchange Commission (SEC) and the Food and Drug Administration (FDA) for violation of compliance regulations, ESG decided to take a closer look at the subject.
The compliance-related events that have made the news in the past year are the tip of an iceberg that will have enormous material impact on both the IT and business components of organizations in every market.
Compliance presents a unique opportunity and challenge for incumbent storage technology vendors across all segments of the market including systems, software, and networking vendors, all of whom are vying for leverage relative to compliance.
Compliance also affects independent software vendors (ISVs) developing the applications that create records, as well as the mountains of information that are the focal point of these rules and regulations.
Ultimately, technology vendors must not only understand the salient points of these notoriously ambiguous regulations, separating fact from fiction, but must also be prepared to address the technological and business aspects of compliance and any solution equally.
Compliance is not optional, but is essential if both public and private organizations wish to successfully pass inspections, avoid fines and loss of trust, and compete in an ever-increasing competitive global marketplace while evolving their records management processes to "best in class".
The above information was excerpted by permission from the Enterprise Storage Group executive summary to the research report, "Compliance: The effect on information management and the storage industry," published in May 2003. To learn more about the full report, contact the Enterprise Storage Group.
Copyright 2003, Enterprise Storage Group
Peter Gerr is a senior research analyst at the Enterprise Storage Group. He will be speaking about the IT impact on compliance legislation at Storage Decisions 2003.