Directing digital data.As compliance regulations grow, issues related to document storage have taken on increasing importance. In particular, digital document storage is becoming the kind of pressing concern that keeps CIOs up at night. Iron Mountain's CIO CIO: see American Federation of Labor and Congress of Industrial Organizations.(Chief Information Officer) The executive officer in charge of information processing in an organization. , Kevin Roden, tackles some of the questions facing today's CIOs. How can a CIO determine which digital data is most at risk for damage or exposure? It's not about media or modality modality /mo·dal·i·ty/ (mo-dal´i-te) 1. a method of application of, or the employment of, any therapeutic agent, especially a physical agent. 2. . It's about the information contained in these records, which require consistent protection (access control and recoverability) and retention (how long to keep) whether they're digital or physical. Triage triage Division of patients for priority of care, usually into three categories: those who will not survive even with treatment; those who will survive without treatment; and those whose survival depends on treatment. is a first step--you need to identify your high risk records. Records that contain sensitive information include personal secrets--you are dealing with records that need to be safely managed for compliance, regulatory or risk purposes. Once you've identified these high risk records, you need to understand the risk factors. Start by focusing on these high risk records. Unfortunately, it's not a "one size fits all" strategy. Often times things like backup tape See tape backup. retention and transaction history inside systems are not kept in synch with record retention. This creates an inconsistency in·con·sis·ten·cy n. pl. in·con·sis·ten·cies 1. The state or quality of being inconsistent. 2. Something inconsistent: many inconsistencies in your proposal. in your environment. Once I've developed a digital data protection policy, how do I ensure all my employees comply with it? To what extent should the policy even rely on employee compliance--what's my alternative? If there are opportunities to automate a process, it's in your best interest to do so. We all know you're not going to be able to do that for all processes--that's part of the challenge! For processes that are not centrally managed or automated, hold management training sessions so that everyone understands their specific role--and its importance to the company. Should my document be centralized cen·tral·ize v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es v.tr. 1. To draw into or toward a center; consolidate. 2. , distributed or some combination of the two--and then do I store it onsite, offsite, or both? There are tradeoffs for each method, but let's just accept the fact that it's impossible to centralize cen·tral·ize v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es v.tr. 1. To draw into or toward a center; consolidate. 2. everything. You have implement standard practices around security, backups, classifications and taxonomy taxonomy: see classification. taxonomy In biology, the classification of organisms into a hierarchy of groupings, from the general to the particular, that reflect evolutionary and usually morphological relationships: kingdom, phylum, class, order, , regardless of where the data lives or what form it's in. How should my digital documents be stored? How do I choose among the possible media, locations, tracking systems and--most of all--vendors? Take a long-term view. Go with the technologies that simplify your ability to effectively manage the records. Pick a vendor who can store, control and archive large numbers of assets safely. Most importantly Adv. 1. most importantly - above and beyond all other consideration; "above all, you must be independent" above all, most especially , choose someone who's going to be in the marketplace for a long time so your data doesn't simply vanish. Think carefully about "cutting edge" options--you don't want your digital documents to end up as the 2006 version of Betamax. How can I be sure my stored documents are both secure and easily accessible? Again, it starts with appropriate classification of the information. All plans should include ways to eliminate opportunity for unauthorized access; for example, you want a clear structure for access rights and privileges for digital data. As for accessibility, you have to know exactly where each piece of data resides based on its classification. For digital data, choose technology that provides automated backups, encrypted en·crypt tr.v. en·crypt·ed, en·crypt·ing, en·crypts 1. To put into code or cipher. 2. Computer Science transmission to and from the off-site location and rapid recovery for uninterrupted access to the information. Kevin B. Roden is executive vice president and chief information officer at Iron Mountain. To learn more about digital data backup/recovery and archiving, go to: www.ironmountain.com/digital |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion