Compliance: The effect on information management and the storage industry
Published: May 2003
By Peter A. Gerr, Brian Babineau and Patrick C. Gordon, The Enterprise Storage Group
Main research themes
Regulations that affect the process and methods used to create, store, access, retain, and maintain compliant records are as diverse as the industries they impact. Throughout the course of our research, several themes continually emerged as we examined each of the four major regulations (See chart 7 contained within the full report).
Compliance regulations offer an excellent real-world example of the importance of understanding and managing the lifecycle of information.
Common to all regulations is the need for robust security and privacy, and the need to protect information throughout its lifecycle (from creation through a period of active use, and on into a period of archival and long-term retention).
Facing the risk of audits to their compliance practices and solutions, regulated organizations now need efficient discovery and retrieval of compliant records throughout their information lifecycle.
Although the value and frequency of access for a particular record decreases over time, the risk of being found in noncompliance due to improper treatment of records is far too great to ignore.
The four pillars of compliant record storage
Our research leads us to conclude that there are various technologies, solutions, and media types that satisfy most compliance requirements. Summarizing our findings into four requirement groups, we conclude that a compliant solution must provide the following characteristics. (These characteristics are further outlined in chart 9 found in the full report.)
The four requirement groups of compliant record storage solutions include:
What are "compliant records"?
Compliant records are found in every industry in many different formats and profiles. To illustrate how compliant records fit within the universe of information, ESG found it helpful to look back at our research related to "Reference Information". As chart 10 (contained in the full report) shows, compliant records are a subset of reference assets and belong to two distinct subgroups:
- Rich media
- Digital assets
There has been a shift towards electronic, higher performing media solutions, due in large part to a combination of more stringent compliance regulations, business demands and the costs involved in retaining and managing increasing amounts of information. When defining what comprises "compliant media," however, it's important to take all the requirements of any one regulation into account.
Along with compliance efforts, other secondary business benefits such as lower costs to store, faster performance and more efficient management are also prompting IT organizations to examine new solutions that replace their legacy methods.
Compliance impacts the entire organization
While the regulations covered in this research report are consistently neutral on specific technologies to enable, achieve, or maintain compliance, clearly technology is a critical part of the equation.
ESG's research has shown, however, that it is equally important to address compliance from a business perspective in each of the markets we've examined.
Compliance impacts the entire organization and crosses boundaries between the IT side of the house and the business side, including stakeholders typically not involved in decision-making such as legal departments or CCOs (Chief Compliance Officers) (See chart 11 contained in the full report).
Compliance impacts vertical markets and horizontal applications
Through the 10,000+ regulations and rules related to compliance and records management, some common themes emerged as we conducted our research. (See chart 12 contained in the full report.)
These common threads include applications used within a variety of industries to support any number of business processes, such as:
- Messaging applications
- Imaging applications
- Transactional applications
Compliance contributes to the explosive growth of digital information
The dramatic increase in compliant records and the impact of compliance is already being felt within organizations across the globe, and comes as most continue to struggle to simply manage and protect their current information stores (See chart 13 contained in the full report).
ESG's research into "Reference Information" identified the leading growth engine for the next wave of explosive growth in storage capacity. As more information is created by industries transitioning from legacy, manual, or paper-based processes to digital and electronic systems, information will be created, stored, and shared among more people.
Over the next three years, ESG expects compliance to be a central theme and challenge for both IT and business professionals and the technology vendors who provide solutions to them.
Compliant records retention periods are increasing
Contributing to the explosive growth of compliant records is the consistency with which the mandated retention periods for these records are increasing (See chart 14).
The regulations ESG examined for this report handled the retention of certain records differently from others, with periods ranging from several years to decades and beyond.
The above information was excerpted by permission from the Enterprise Storage Group executive summary to the research report, "Compliance: The effect on information management and the storage industry," published in May 2003. To learn more about the full report, contact the Enterprise Storage Group.
Copyright 2003, Enterprise Storage Group
Peter Gerr is a senior research analyst at the Enterprise Storage Group. He will be speaking about the IT impact on compliance legislation at Storage Decisions 2003.