Problem solve Get help with specific problems with your technologies, process and projects.

ESG compliance report excerpt, Part 2: Main research themes

Analysts at the Milford, Mass.-based Enterprise Storage Group discuss the importance of the latest records retention/compliance legislation and its impact on the storage industry.

Compliance: The effect on information management and the storage industry
Published: May 2003
By Peter A. Gerr, Brian Babineau and Patrick C. Gordon, The Enterprise Storage Group

Table of Contents

Main research themes
Research scope and highlights
Compliance in the financial services industry
Compliance in the life sciences industry
Compliance in the healthcare industry
Compliance in the government industry

Main research themes

Regulations that affect the process and methods used to create, store, access, retain, and maintain compliant records are as diverse as the industries they impact. Throughout the course of our research several themes continually emerged as we examined each of the four major regulations (See chart 7 contained within the full report).

Compliance regulations offer an excellent real-world example of the importance of understanding and managing the lifecycle of information.

Common to all regulations is the need for robust security, privacy, and the need to protect information throughout its lifecycle (from creation through a period of active use, and on into a period of archival and long-term retention).

Facing the risk of audits to their compliance practices and solutions, regulated organizations now need efficient discovery and retrieval of compliant records throughout their information lifecycle.

Although the value and frequency of access for a particular record decreases over time, the risk of being found in noncompliance due to improper treatment of records is far too great to ignore.

The four pillars of compliant record storage

Our research leads us to conclude that there are various technologies, solutions, and media types that satisfy most compliance requirements. Summarizing our findings into four requirement groups, we conclude that a compliant solution must provide the following characteristics. (These characteristics are further outlined in chart 9 found in the full report.)

The four requirement groups of compliant record storage solutions include:

  1. Discovery
  2. Legibility
  3. Auditability
  4. Authenticity

What are "compliant records"?

Compliant records are found in every industry in many different formats and profiles. To illustrate how compliant records fit within the universe of information, ESG found it helpful to look back at our research related to "Reference Information". As chart 10 (contained in the full report) shows, compliant records are a subset of reference assets and belong to two distinct subgroups:

  • Rich media
  • Digital assets

There has been a shift towards electronic, higher performing media solutions, due in large part to a combination of more stringent compliance regulations, business demands and the costs involved in retaining and managing increasing amounts of information. When defining what comprises "compliant media," however, it's important to take all the requirements of any one regulation into account.

Along with compliance efforts, other secondary business benefits such as lower costs to store, faster performance and more efficient management are also prompting IT organizations to examine new solutions that replace their legacy methods.

Compliance impacts the entire organization

While the regulations covered in this research report are consistently neutral on specific technologies to enable, achieve, or maintain compliance, clearly technology is a critical part of the equation.

ESG's research has shown, however, that it is equally important to address compliance from a business perspective in each of the markets we've examined.

Compliance impacts the entire organization and crosses boundaries between the IT side of the house and the business side, including stakeholders typically not involved in decision-making such as legal departments or CCOs (Chief Compliance Officers) (See chart 11 contained in the full report).

Compliance impacts vertical markets and horizontal applications

Through the 10,000 + regulations and rules related to compliance and records management, some common themes emerged as we conducted our research. (See chart 12 contained in the full report.)

These common threads include applications used within a variety of industries to support any number of business processes, such as:

  • Messaging applications
  • Imaging applications
  • Transactional applications

Compliance contributes to the explosive growth of digital information

The dramatic increase in compliant records and the impact of compliance is already being felt within organizations across the globe, and comes as most continue to struggle to simply manage and protect their current information stores (See chart 13 contained in the full report).

ESG's research into "Reference Information" identified the leading growth engine for the next wave of explosive growth in storage capacity. As more information is created by industries transitioning from legacy, manual, or paper-based processes to digital and electronic systems, information will be created, stored, and shared among more people.

Over the next three years, ESG expects compliance to be a central theme and challenge for both IT and business professionals and the technology vendors who provide solutions to them.

Compliant records retention periods are increasing

Contributing to the explosive growth of compliant records is the consistency with which the mandated retention periods for these records are increasing (See chart 14).

The regulations ESG examined for this report handled the retention of certain records differently from others, with periods ranging from several years to decades and beyond.

--Return to table of contents--

The above information was excerpted by permission from the Enterprise Storage Group executive summary to the research report, "Compliance: The effect on information management and the storage industry," published in May 2003. To learn more about the full report, contact the Enterprise Storage Group.

Copyright 2003, Enterprise Storage Group

Peter Gerr is a senior research analyst at the Enterprise Storage Group. He will be speaking about the IT impact on compliance legislation at Storage Decisions 2003.

Dig Deeper on Data storage compliance and regulations

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.