Storage down cold: DLTIce is a compliant electronic storage medium.
Sarbanes-Oxley Act of 2002, among other things, creates an oversight board to monitor the accounting industry, toughens penalties against executives who commit corporate fraud and increases the Securities and Exchange Commission budget for auditors and investigators.
Securities Exchange Commission (SEC) Rule 17a-4: This rule requires the retention of all customer records, financial transactions, bank records and buy and sell orders. All correspondence needs to be retained for around six years. This includes e-mail and perhaps Instant Messages, if the company uses IM for transactions. You need to keep a secure copy of every transaction to be made available if the SEC audits the company. Records must be maintained on non-alterable, non-erasable media.
Health Insurance Portability and Accountability Act (HIPAA) covers healthcare, insurance companies, hospitals, doctors, dentists, and insurance clearing houses. This rule affects x-rays, digital scans and medical records. Basically, all patient-related information must be protected and possibly encrypted when transferred electronically.
Department of Defense 5015.2: This standard focuses on records management and applications used by the Department of Defense. They are developing a list of certified solutions for use by the government that complies with best practices for security and retention. There are really no storage media requirements here, just certified application solutions that the DOD can use for records management. If your company develops records management applications for the government, you need to make sure the DOD has certified them.
21 CFR Part 11: This rule affects all pharmaceutical companies, biotech and laboratory device companies. It focuses on making sure product quality exists and helps minimize risks during drug manufacturing. It also covers security and electronic records storage.
These mandates have created significant compliance challenges for data management, electronic record keeping and electronic record retention functions. These mandates can require companies to set and meet very specific security and retention polices for corporate records--such as financial records, medical records, and e-mails. They also mandate severe penalties for noncompliant organizations. For example, the Sarbanes-Oxley Act imposes the following penalties for violators:
[section]1519. Destruction, alteration, or falsification of records in Federal investigations and bankruptcy: "Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11 or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both."
The result? Businesses are looking for solutions to support their efforts to be compliant with regulatory requirements. In particular, companies are looking for storage solutions that can meet the various mandate-driven requirements for an electronic storage medium. These requirements generally call for a compliant electronic storage medium to support integrity protection, accessibility, duplication, migration and auditing. Additionally, customers want such a solution to be easily implemented in their existing technology infrastructure and have a low cost of total ownership.
To WORM or Not to WORM
Compliance solutions by and large do not mandate that WORM (Write Once, Read Many) media be used. However, in efforts to secure the data that IT managers must retain, WORM functionality is a strong ally in the effort to maintain the integrity of that data. The frustration felt by many IT administrators is that the existing offerings for WORM were costly and required investments in additional equipment.
The vast majority of the backup and recovery is currently handled by tape drives. The logical choice would be a WORM solution included in the tape offering. Unfortuna-tely, all current tape offerings require the management of additional equipment, either drives and/or media. The recent announcement of DLTIce from DLTtape is a viable solution for the compliance issues facing businesses today. DLTIce uses a standard Super DLTtape II media cartridge and SDLT 600 tape drive. Unlike other WORM tape solutions, no special media or special drives are required. This saves cost and maintains operational simplicity.
DLTIce is an extension of the award-winning DLTSage architecture platform. It provides DLTtape technology with a secure and easy to use archival functionality. Customers using DLTIce are able to leverage their existing investment in SDLT 600 tape drives, Super DLTtape II tape media and SDLT 600-based automation products to effectively manage and implement a reliable tape archive and regulatory compliance solution.
DLTIce customers have a cost-effective and compliant electronic storage medium which supports:
* A non-rewriteable, non-erasable format
* An automatic verification of quality and accuracy of the storage media recording process
* A serialization of original and necessary duplicate units of storage media
* A capacity to download indexes and records to other acceptable media
How Does DLTIce Work?
DLTIce is the compliance management function of DLTSage, a suite of predictive and preventative management software tools that help customers to diagnose, plan, and manage their tape storage investments.
DLTIce is accessed through either storage management software or DLTSage xTalk. When accessed, DLTIce places an electronic key on each tape to ensure WORM integrity. This unique identifier can't be altered, providing a tamper-proof Original Record Tape version that meets stringent compliance requirements:
A non-rewriteable, non-erasable format: The DLTIce electronic key ensures that data already written on a tape cannot be rewritten, reformatted or erased, but does allow new data to be appended.
An automatic verification of quality and accuracy of the storage media recording process: The SDLT 600 tape drive provides unmatched verification of the quality and accuracy of the physical data recording through its advanced ECC algorithms. DLTIce provides archive tape verification and tamper verification with time and date signature.
A serialization of original and necessary duplicate units of storage media: This requirement is met through the time and date signature capability of any compliant storage management software. As data is written during each recording session, the storage management software issues a time and date stamp, making it easier to locate and authenticate specific records.
A capacity to download indexes and records to other acceptable media: Data stored on any Super DLTtape II media cartridge can be downloaded to virtually any storage media through any compliant storage management software.
Additional Customer Benefits
Because of its unique implementation, DLTIce also meets customer requirements for:
* A solution that's easily implemented in their existing technology infrastructure
* A solution that has a low total cost of ownership (TCO)
DLTIce is supported by all the major storage management software ISVs, giving customers a variety of choices for building a compliant storage solution.
In the Field with Partners in Health
Partners In Health (PIH) is a much-honored non-profit medical assistance organization that provides clinical care in some of the poorest communities in the world--Haiti, Peru, Siberia, Mexico, Guatemala, and the United States. Two PIH co-founders, Dr. Paul Farmer and Dr. Jim Yong Kim, have won MacArthur "genius" grants, and Paul Farmer and PIH are the subjects of Mountains Beyond Mountains, a best seller by Pulitzer Prize winning author Tracy Kidder. PIH has leveraged its associations with elite health care organizations and donors to deliver modern, first-world medical technology, even in worst third-world situations.
Patient Care Depends on Safe Data
MIS Coordinator Yusuf Karacaoglu has been at PIH since 1996. "For continuity of care," he explains, "we need accurate medical records, and we need to protect the records. Our doctors are mostly volunteers. They go to a facility for two or three weeks, and then they go home, and somebody else comes in."
To make sure patient data does not get lost in the transition, Karacaoglu must be able to reliably restore data. "If documents get lost for whatever reason, I go to the backups on DLTtape media and push the documents back to the sites. The capacity of the SDLT 600 easily meets my needs for data protection. Now with DLTIce, I can be certain my records will not be lost or overwritten, enabling me to meet compliance regulations."
Yusuf recently had to restore 45 gigabytes of patient images and data to the clinic in Haiti from the Boston office--90% being image files, including x-rays and photographs of tuberculosis patients, burn patients, cancer patients, and a gunshot victim. These images are essential for diagnosis, treatment, and tracking progress.
To protect these vital patient records and valuable infectious disease research data, PIH relies on a Quantum SDLT 600 drive. PIH health workers in the field collect data and load it onto Windows 2000 servers in the organization's offices around the world. To back up these remote servers, Karacaoglu logs on from PIH headquarters in Boston and downloads the files to an FTP site, and from there to the SDLT 600 drive.
The PIH MIS team has kept its information infrastructure up and running, and DLTtape technology played an important part. Karacaoglu depends on DLTtape technology to protect vital medical data because: "DLTtape technology is reliable, it has the highest capacity, it's recommended by most system manufacturers, and I've had excellent previous experience."
DLTIce and SDLT 600
DLTIce represents a new paradigm in the way customers can view tape storage solutions to protect their electronic documents and meet regulatory requirements. With the introduction of DLTIce on SDLT 600 tape drives and Super DLTtape II media, customers are provided the foundation for complaint electronic storage that is easy to implement into existing storage environments without incurring any additional costs.
Steve Berens is senior director, product marketing and strategy, Quantum Corporation-Storage Devices (San Jose, CA)
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Storage Management|
|Publication:||Computer Technology Review|
|Date:||Jul 1, 2004|
|Previous Article:||SAN design and management: an ongoing process.|
|Next Article:||WORM-enabled tape storage: early birds get compliant.|