Compliance: The effect on information management and the storage industry
Published: May 2003
By Peter A. Gerr, Brian Babineau and Patrick C. Gordon, The Enterprise Storage Group
Main research themes
Research scope and highlights
Compliance in the financial services industry
Compliance in the life sciences industry
Compliance in the healthcare industry
Compliance in the government industry
For this phase of our research, ESG selected four compliance regulations within four unique industries. In addition to being among the largest, most profitable industries in the global marketplace, each has its own method of conducting business and extracting value from information.
The four industries and their associated regulations are:
- Financial Services - 17 CFR 240.17a-3&4 - This regulation (and associated rules) addresses all broker/dealer institutions and defines the types of records they must create and retain and for how long. Additionally, these rules describe requirements for maintaining these records in a compliant manner.
- Healthcare - HIPAA (The Health Insurance Portability and Accountability Act) - This regulation addresses payors, providers, and clearinghouses (insurance organizations) and describes security policies and procedures meant to ensure secure access, transmission, and retention of Personal Health Information (PHI).
- Life Sciences/Pharmaceutical - 21 CFR Part 11 - This regulation (and associated "Predicate Rules") addresses various types of companies involved in the industry, including biotechnology, medical equipment, and food and beverage manufacturers. These rules describe the types of records that must be retained, in addition to discussing the use of electronic systems and records in place of paper or manual systems.
- Government - Department of Defense (DoD) 5015.2 - This regulation addresses all agencies within the DoD and certifies which applications or technology solutions an agency may implement to manage records.
ESG has also examined the impact of several other compliance-related rules and presents our analysis of these as well, including:
- The Electronic Signatures in Global and National Commerce Act (ESIGN) - Passed by Congress in 2000, this legislation addresses the equivalency of electronic records, or "erecords", and electronic signatures, or "esigs", to paper records and written signatures.
- Sarbanes-Oxley Act - Passed by Congress in early 2002, this legislation addresses both corporate and auditor policies and procedures and the retention of records related to financial reports.
Please note that all growth rates below are expressed as compound annual growth rates (CAGR).
- The worldwide capacity of compliant records will increase at a compound annual growth rate of 64%.
- Life Sciences is the industry with the fastest growing capacity of compliant records within our study. The worldwide capacity of compliant records in the Life Sciences industry will increase at a compound annual growth rate of 86%.
- Healthcare is the industry with the largest capacity of compliant records within our study. The worldwide capacity of compliant records in the Healthcare industry will increase at a compound annual growth rate of 52%.
- The worldwide capacity of compliant records stored on disk-based solutions will increase at a compound annual growth rate of 172%.
- The worldwide percentage of compliant records stored on tape-based solutions will decrease at a compound annual growth rate of -5%.
The above information was excerpted by permission from the Enterprise Storage Group executive summary to the research report, "Compliance: The effect on information management and the storage industry," published in May 2003. To learn more about the full report, contact the Enterprise Storage Group.
Copyright 2003, Enterprise Storage Group
Peter Gerr is a senior research analyst at the Enterprise Storage Group. He will be speaking about the IT impact on compliance legislation at Storage Decisions 2003.