The number and scope of regulations which apply to an organisation’s data, and the potential for penalties from non-compliance with them, has been increasing rapidly in recent years. To comply means securely retaining and rapidly accessing information that is held within a large and fast-growing data store.
Compliance needs are even exacerbating the storage burden; for instance, from 2009, the Finance sector is faced with a requirement to store an actual recording of all business telephone calls – a massive additional storage requirement. Information needs to be retained and protected for a specified minimum time which in some cases runs to decades.
However, organisations are currently struggling to figure out even how to go about implementing policies capable of bringing them to full regulatory compliance – let alone to then maintain compliance even as regulations are added to or changed. This is partly because their existing data storage will have been created and maintained before many of the current compliance needs emerged, so also without regard to the specific security levels demanded in order to be compliant.
In order to solve any problem there is first a need to recognise that one exists. In the case of regulatory compliance there are in fact a series of practical problems which need identifying before they can be sensibly tackled.
Peter Williams’ Practical Compliance white paper describes a few real world situations organisations have encountered – or will soon encounter – in order to clarify some of the basic compliance data storage needs which must be addressed. It then summarises the identified “must haves” which can, for instance, be contained in a request for information (RFI) document. By this means it also demonstrates the need for a radically different approach to storage, archiving and information retrieval than is provided by most storage software at present.
Peter Williams’ Practical Compliance white paper is available for free download (subject to terms).