Tape storage for Sarbanes-Oxley compliance.When addressing new data storage mandates, IT professionals should take a step back to fully understand the storage requirements and then make an informed decision on the best strategies and technologies to deploy that meet the challenge. In all cases, the overall cost of the solution should be the deciding factor: If tape technology meets the requirements, why choose a more expensive option? The implementation of systems to comply with the Sarbanes-Oxley Act See SOX. of 2002 is a perfect example: A large amount of new data will be generated to comply, but this data may only be needed in the case of an audit. So why tie up expensive disk resources when existing automated tape systems can be leveraged to take on this incremental capacity load? Since tape is the least expensive option available for reliably storing large amounts of electronic information, it should always be considered during the system design and acquisition process. At a fraction of the TCO (1) (Total Cost of Ownership) The cost of using a computer. It includes the cost of the hardware, software and upgrades as well as the cost of the inhouse staff and/or consultants that provide training and technical support. See ROI. (Total Cost of Ownership) of magnetic or optical disc systems, tape cartridges can store massive amounts of incremental data for less than $0.35 per Gigabyte (compared to about $30 per Gigabyte for a "compliance-edition" magnetic disk-based Content Addressable Reachable. When something is addressable, it can be identified and manipulated independently of its surroundings. For example, screen pixels and RAM memory are addressable. Each of the screen's picture elements can be individually turned on and off, and each of the memory's bytes can be Storage system). Current tape media will retain data for 15 to 30 years, far exceeding the retention requirements of almost all organizations and the useful lifetime of a magnetic disk drive. And by using automated tape libraries for near-line access, any document can be retrieved quickly and without human intervention to fully meet the needs of management, employees and auditors. The Sarbanes-Oxley Act of 2002 is a major piece of legislation that has generated an enormous amount of attention by a wide range of businesses. All public corporations that trade their stocks in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. must ensure that they comply to avoid the significant financial penalties and criminal charges that Sarbanes-Oxley imposes. The Facts of Sarbanes-Oxley * It was enacted in response to several high-profile corporate financial scandals that resulted in huge losses for many thousands of investors and employees. * The Public Company Accounting Oversight Board The Public Company Accounting Oversight Board (or PCAOB) (sometimes called "Peekaboo") is a private-sector, non-profit corporation created by the Sarbanes-Oxley Act, a 2002 United States federal law, to oversee the auditors of public companies. (www.pcaobus.org) was formed as the governing authority and issued its first set of rules for public auditing firms, effective May 24, 2004. * Public auditing firms must register with the PCAOB PCAOB Public Company Accounting Oversight Board and follow new rules for how they conduct audits of the financial statements and internal controls of their clients. * Publicly traded corporations must implement and document internal financial controls that will ensure that their financial statements provide a fair and accurate representation of the business and its operating results. * CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. and CFO See Chief Financial Officer. must provide certification of their approval on each quarterly and annual financial report. Tape Storage Meets the Sarbanes-Oxley Challenge Within the 69 provisions of Sarbanes-Oxley, and its hundreds of subparagraphs, there is a new requirement to store or retain documents: "... registered public auditing firms must retain the working papers working papers pl.n. Legal documents certifying the right to employment of a minor or alien. Noun 1. working papers they use during an audit for 5 years". A corporation must create and document its internal financial control procedures and keep them freely available for employees and auditors. Corporations must store and retain all transactions that go into the financial statements, but there are no new rules on how long these records should be retained, or how they should be stored so corporations may keep them archived. The unalterable nature of such information has caused the use of "write-once" or "compliance-edition" tape media to gain favor. Due to its record-only capability, another government regulation (SEC Rule 17a-4) requires the use of unalterable WORM (write-once read-many (storage) Write-Once Read-Many - (WORM) Any type of storage medium to which data can be written to only a single time, but can be read from any number of times. Typically this is an optical disk whose surface is permanently etched using a laser in order to record information. ) storage media to retain records for seven years. This regulation applies to securities brokers and dealers, who have incorporated WORM into their storage environment. WORM-capable tape drives that are available include Sony's AIT and S-AIT WORM, StorageTek's 9840 and 9940 Volsafe, IBM's 3592 WORM, and Quantum's DLTice. Media is available from these manufacturers as well as from Fujifilm, Imation, Maxell and TDK TDK Türk Dil Kurumu (Turkish Language Council) TDK The Dark Knights (gaming clan) TDK Tokyo Denkikagaku Kogyo KK (TDK Electronics Co. Ltd. . It is important that the corporation can both rely on, and show auditors, that their documentation is authentic and up-to-date. This function is handled very well by most electronic document management systems. The use of check-in/check-out procedures creates a new record each time a document is created and subsequently modified, resulting in an acceptable audit trail. By addressing document control and authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. at the application level, companies that are non-SEC regulated can use any tape storage media to store information. Unfortunately, compliance to Sarbanes-Oxley may be an added cost to public corporations, with no major gain to their bottom line. Since all public companies must comply, there is no competitive advantage. Failure to comply is not an option. Therefore, it would be prudent for companies to budget carefully when implementing their compliance strategies to avoid noncompliance noncompliance failure of the owner to follow instructions, particularly in administering medication as prescribed; a cause of a less than expected response to treatment. noncompliance . In regard to data storage, the most cost-effective solution for compliance is the same solution as for all fixed and reference content: automated tape. Sarbanes-Oxley and Business Continuity Despite the costs and organizational scrambling that may be needed to implement compliance strategies, the investment community, the U.S. economy and the public at-large will be well-served by Sarbanes-Oxley. It won't completely eliminate the possibility that greedy people will do bad things, but it will limit their damage and provide swifter justice for those who are affected. The 99.99% of companies that consider themselves good corporate citizens should embrace Sarbanes-Oxley compliance as a necessary cost of doing business, but do so the same way they approach every other business initiative: as simply and cost-effectively as possible to limit the disruptions and financial impact to their organizations. With tape storage and effective data storage management processes, the short-term backup and long-term archival of data will meet the challenges and requirements of Sarbanes-Oxley and many other information management mandates. Rich Harada is president of the Tape Technology Council, the primary industry resource for promoting, integrating and using tape storage devices. TTC TTC Trying To Conceive TTC Toronto Transit Commission TTC Trans Texas Corridor TTC Toutes Taxes Comprises (French) TTC Trident Technical College (North Charleston, SC) TTC Temporary Traffic Control is a non-profit organization A non-profit organization (abbreviated "NPO", also "non-profit" or "not-for-profit") is a legally constituted organization whose primary objective is to support or to actively engage in activities of public or private interest without any commercial or monetary profit purposes. comprised of leading tape storage companies, functioning as a conduit for information exchange between manufacturers and the industry. The Tape Technology Council's members include Fujifilm, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) . Imation, Maxell, Quantum, Sony, StorageTek, and TDK. www.tapecouncil.org www.sec.gov Opening shots in continuing stories ... |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion