Data management for compliance.Compliance, Regulation and Statutory Legislation have become increasing burdens for the long-term storage of data. Legislation operates in tandem Adv. 1. in tandem - one behind the other; "ride tandem on a bicycle built for two"; "riding horses down the path in tandem" tandem with a fierce economic climate that is keeping a fight grip on budgets and is dictating that IT operates with fewer skilled resources, whilst demands for service intensify in·ten·si·fy v. in·ten·si·fied, in·ten·si·fy·ing, in·ten·si·fies v.tr. 1. To make intense or more intense: . It is clear that a way must be found to satisfy these demands cost effectively whilst minimising corporate risk and exposure. The importance of Compliance and regulations covering records retention at national, European and International levels are imposing severe demands on the long-term storage of data. These, in turn, are placing supplementary burdens on the associated storage infrastructure and its management. This is notable particularly within financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. organisations, where there are many challenges to ensure that data storage systems can handle the new obligations and demands. These include Basel 11, the International Auditing Standards (IAS See iPlanet Application Server. 1. (computer) IAS - The first modern computer. It had main registers, processing circuits, information paths within the central processing unit, and used Von Neumann's fetch-execute cycle. ), Sarbanes-Oxley and FSA FSA Financial Services Authority FSA Food Standards Agency (UK) FSA Farm Service Agency (USDA) FSA Financial Services Agency (Japan) guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. specific to LTK LTK Licence To Kill (James Bond Movie) LTK Language Toolkit LTK Lisp Tool Kit LTK Language Tool Kit operations. The numerous regulations imposed upon the Banking sector requires careful assessment of data management policies: * What information is stored * How the information should be classified * Which storage platforms should hold the data * To whom access should be granted * How long the data should be retained * How rapidly it needs to be accessed * How it should be archived and/or deleted Deleted A security that is no longer included on a specified market. Sometimes referred to as "delisted". Notes: Reasons for delisting include violating regulations, failing to meet financial specifications set out by the stock exchange and going bankrupt. at the end of its lifecycle In order to meet the requirements placed upon Financial services organisations, which require them to retain relevant data for long (sometimes unspecified Adj. 1. unspecified - not stated explicitly or in detail; "threatened unspecified reprisals" specified - clearly and explicitly stated; "meals are at specified times" ) periods of time, it is essential that they actively manage the information throughout its lifetime. The value of data held varies enormously over its lifetime and the speed with which it needs to be recoverable also fluctuates. The concept of Information Lifecycle Management Information Lifecycle Management refers to a wide-ranging set of strategies for administering storage systems on computing devices. Specifically, four categories of storage strategies may be considered under the auspices of ILM. , frequently referred to as ILM enables management of data to ensure efficient recovery within specific regulatory timeframes. It is the opinion of Bloor Research that effective data storage, data management and ILM lie at the heart of all solutions to regulatory and compliance challenges. Storage Strategy for Regulatory and Compliance Data The increasing demand for organisations to store these ever growing volumes of information for extended periods of time makes it unlikely that many of them will wish to store all such data on their most performance (and usually therefore most expensive) disk sub-systems for the entire lifetime of the data. It is clear that the service levels demanded by the business for access to the data are likely to vary considerably over its lifetime. Within the majority of organisations, the value of data usually decreases over time. For example, several recent studies have indicated that around 90 percent of data held in disk storage systems is seldom, if ever, accessed more than ninety days after its creation. Storage/Data Management software now makes it possible to migrate data between various storage platforms each of which possesses differing performance and cost characteristics. This makes it possible to move data between differing storage platforms in accordance Accordance is Bible Study Software for Macintosh developed by OakTree Software, Inc.[] As well as a standalone program, it is the base software packaged by Zondervan in their Bible Study suites for Macintosh. with varying business requirements for access to the data. This approach has become known as Information Lifecycle Management, or ILM. In essence, ILM is an extension to the entire IT infrastructure of the hierarchical storage management See HSM. principles long practised practised Adjective expert or skilled because of long experience in a skill or field: the doctor answered with a practised smoothness Adj. 1. in mainframe environments. For example, when data is created by one of the core business financial applications it might be held on a primary storage system that is very responsive with sophisticated data mirroring and rolling-backup systems in place to ensure that the information may be retrieved rapidly and is robustly protected. As the data ages, the business requirement to have rapid access to it may diminish. Consequently, after a period of time that meets all business usage requirements, the data could be migrated to a less expensive, 'capacity' disk system, thereby freeing up space on the primary storage platform to store newly created data whilst still providing online access to the information. After a longer period of time defined by business requirements, the data might then moved to a Nearline storage Nearline storage (where Nearline is a contraction of Near-online) is a term used in computer science to describe an intermediate type of data storage. It is a compromise between online storage (constant, very rapid access to data) and offline storage (infrequent platform and eventually to an archive system. ILM--the building blocks for managing compliance data The first step in implementing an ILM strategy to manage compliance and regulatory data requires that organisations identify all data that has defined data retention periods. Once the information is identified and the necessary data retention demands assessed, the data should be classified according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. its retention characteristics. Information Lifecycle Management has the potential to play a pivotal role in helping organisations meet data retention and compliance obligations. * The first step that must be taken is to ensure that all of the compliance and regulations that apply to the business are understood and classify clas·si·fy tr.v. clas·si·fied, clas·si·fy·ing, clas·si·fies 1. To arrange or organize according to class or category. 2. To designate (a document, for example) as confidential, secret, or top secret. the impact that these have on the ongoing retention and handling of data. * The next step is to catalogue and classify the data held. The storage management software should ensure that the data is assigned as·sign tr.v. as·signed, as·sign·ing, as·signs 1. To set apart for a particular purpose; designate: assigned a day for the inspection. 2. to the most appropriate storage platform as cost effectively as possible whilst ensuring that all service and regulatory obligations are met. * The third step would then see the underlying storage platforms classified into a number of storage containers each with understood performance and protection. It then becomes possible to manage data through its lifecycle using centrally administered policies that moves data around the storage infrastructure supply on the basis of its classification and the classification of the storage platform required. ILM and Storage Architectures For any ILM solution to operate it is essential that the underlying storage infrastructure be flexible and secure, yet capable of delivering differing levels of service at a variety of price points. The requirement for flexibility and tiered performance characteristics dictates that the storage platforms be simple to manage and built utilising open standards Specifications for hardware and software that are developed by a standards organization or a consortium involved in supporting a standard. Available to the public for developing compliant products, open standards imply "open systems;" that an existing component in a system can be replaced . A flexible, open storage infrastructure coupled with an understanding of the data held by the organisation, its value and its classification in terms of its retention and deletion deletion /de·le·tion/ (de-le´shun) in genetics, loss of genetic material from a chromosome. de·le·tion n. Loss, as from mutation, of one or more nucleotides from a chromosome. policies will make it possible to implement an effective ILM solution to handle all regulatory and compliance requirements Compliance requirements are a series of directives established by United States Federal government agencies that summarize hundreds of Federal laws and regulations applicable to Federal assistance (also known as Federal aid or Federal funds). . Getting Started with ILM * Implement an Open, Flexible Simple to Manage Storage infrastructure * Identify all data held that is subject to retention/deletion requirements * Set appropriate Compliance Policy Classes for the required retention * Classify Data into applicable Policy Classes * Archive to Write Once Read Many (WORM) Compliant Media (Disk/Optical etc.) * Set compliance policies for the supervision of content Summary Without the adoption of an ILM approach, it is likely that the cost to organisations of ensuring that they remain compliant with all legislative, regulatory and corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. drivers will prove to be extremely expensive. ILM demands that not only the storage infrastructure is suitable to meet the needs of the Organisation but that each and every person working in the entity understands the importance of working in accordance with appropriate procedures. Many of the latest compliance initiatives, including Sarbanes-Oxley, Basel 11, IAS, EU Data Protection legislation and various industry-specific regulations are at an early stage in their development. As is always the case with any form of regulation it will take time for many of them to evolve and mature. It is in the very nature of compliance solutions that they are always subject to refinement and, especially in Europe, to local legal interpretation. It is the opinion of Bloor Research that the deployment of open, flexible storage infrastructures will play a crucial role in determining the ability of organisations to meet their obligations in respect of compliance and regulation. Without adequate ILM it is likely that organisations will be unable to meet their obligations without imposing a massive burden on personnel and/or incurring in·cur tr.v. in·curred, in·cur·ring, in·curs 1. To acquire or come into (something usually undesirable); sustain: incurred substantial losses during the stock market crash. 2. potentially excessive costs. A simplified, open storage infrastructure, good storage management software and well-defined and refined data classification and management policies will prove to be invaluable. It is clear that many organisations have already decided to adopt an approach that stores everything rather than risk the consequences of not having access to data when it is requested or, more likely, demanded by a regulatory body. This methodology has the benefit of simplicity, speed and, when coupled with a suitable ILM strategy, could prove to be financially attractive. www.storage-expo.com A full whitepaper is also available 'The era of Compliance and the impact on UK Financial Services" by Tony Lock, Chief Analyst and Bob McDowafl, Director, Financial Services at Bloor Research, is available from www.netapp.com/compliance/uk/ Tony Lock and Bob McDowall, Bloor Research |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion