As a result of events around the world in the last decade, and the recognition of the need for business continuity and sustainability, corporate governance legislation has abounded, with both local and international regulations coming into play that affect individual and corporate actions, writes Rajen Naicker, storage product specialist at Drive Control Corporation.
Regulatory compliance, corporate governance and risk management legislation, as well as recommendations and best practices like the recently released King III, have affected all companies in South Africa. In addition organisations that do business across international borders such as the US are subject to their regulations too, for example Sarbanes-Oxley, a US Act that deals with federal security.
Across the world, governments have realised that IT is now an integral part of running a modern business and many organisations keep a lot of information in electronic format. Due to this fact, legislation around governance, risk and compliance (GRC) is also concerned with the retention, protection and transfer of electronic information.
Regulations such as the Companies Act which will come into effect this year require organisations to be more accountable for their IT, including spend and data security. This, in conjunction with the ECT Act that was passed in 2002, provides strict guidelines for the control of the retention, transmission, processing and destruction of electronic records and communications.
Across many industries data is required to be safely and securely stored for a number of years, including financial services, healthcare, government industries, educational facilities and so on. Each industry and sector has its own regulations as to the exact length of time, but the fact remains that most laws governing data retention across industries require data to be stored for at least five years. The results of non compliance may be a hefty fine, a prison sentence or both, so it is in the best interest of organisations to take these laws seriously or risk their business.
However these regulations have also placed huge demands on storage infrastructure, and as data volumes continue to expand exponentially these requirements will only continue to grow. Data also needs to be regularly backed up and secured to be compliant, which means that storage solutions need to be optimised for the business in order to be effective. Added to this is the demand for ever faster solutions, as people are ill prepared to wait on a backup and archiving solution.
The combination of demands means that a high capacity backup and archiving solution is a necessity for the modern business. Automated tape libraries offer the highest capacity, most cost effective and portable solutions for long-term archiving and disaster recovery. Apart from the ability to provide large amounts of storage capacity, these tape libraries also offer the flexibility to scale and grow to meet ever changing demands on storage capacity.
Putting into place an automated system removes two common problems when it comes to data backup and archiving, namely human error and inefficient use of resources. Human error accounts for a large majority of failed or corrupted backups. With legislation in place and due to come into effect, organisations can no longer afford to have data that are inaccurate. Tape libraries that automatically perform backups remove the element of human error and mean that organisations can use valuable IT resources for more mission critical applications.
However, organisations do need to bear in mind that there is no 'one size fits all' approach when it comes to data retention, protection and storage and regulatory compliance legislation. The needs of the enterprise must be understood so that a comprehensive data protection approach can be designed that meets these needs.
Whether the business needs to speed up backup times, wants fast and frequent access to data, or has to improve disaster recovery capability and long term data retention, it is vital to ensure that optimum due diligence has been given in addressing regulatory compliance issues. A tiered data protection strategy that combines the advantages of several different technologies offers an ideal solution that addresses all of the above needs.