  • gary6304

Compliance


Compliance is the act or process of complying; it is to submit or conform as required by regulations.


When parking your car on a city street, you are directed to park less than a foot from the curb, within the designated lines of a parking spot, and to pay the meter for the time the car is to remain parked. The consequence of not complying with these rules is a parking ticket or a tow. In some situations, getting a parking ticket is an inconvenience, but getting your car towed can be disruptive and costly. The same applies to data that has storage and retention requirements put forth either by regulatory government agencies or by an organization’s corporate rules (this data will be referred to as compliance data).


If you have ever managed data, these most common requirements will be very familiar:


  • Retain data for “X” years
  • Ensure data retains integrity and is immutable
  • Manage access permissions
  • Destroy data once retention has expired
  • Data must be easily accessible and readable
  • Data must be secure


Complying with these requirements may not seem overwhelming, except when seen from the perspective of time.


We all used to have filing cabinets where we would place documents we wanted to keep, such as tax returns, marriage and birth certificates, contracts, etc. With the advent of computers and digital storage solutions (tape and drives), we no longer print paper copies; we just keep these documents online. Billions of records, files, objects, images, documents… must be retained for years, even decades. The physical storage media used to retain data ages out over long periods of time, forcing organizations to periodically migrate data while maintaining compliance.


OK, copying data from disk to disk may not seem like a difficult task. There are many tools to help you do that. Unfortunately, compliance data can’t just be “copied”; it must be migrated in a way that maintains its compliance with regulations. Interlock Technology has developed processes and tools to address migration requirements for compliance data:


  • Chain of custody is maintained throughout the migration process. One of the key attributes of compliance migration is that data is read and then written only once; data being migrated can’t land on an intermediate storage that is considered persistent. Additional audit reports are made available to demonstrate access controls.



  • Data retention is maintained through the process. Let’s say a file has a retention requirement of 10 years. It resided on the first storage system for 6 years and is now being migrated to another storage system. When the file is written to the target, the total retention is still 10 years, but only 4 remain. This must be executed correctly to prevent data being deleted too soon or retained for too long.


  • Demonstrate data integrity; data has not been modified or altered throughout the process. A hash is calculated on the data before migration and after migration to ensure data consistency. Even if data is encrypted, consistency is retained without having to decrypt the data.



  • Data security is maintained; an audit trail is generated to show no unauthorized access, data modification or destruction, along with system controls and data validation and verification. Data is migrated over the network using secure point-to-point connections or via VPN (when available).


  • Data migrated off NAS to Object (S3/REST) is transformed without conflicting with regulatory requirements during a data migration process.
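
The retention and integrity points in the list above can be sketched together. This is an added example, not Interlock Technology's tooling: it assumes SHA-256 as the hash, file-like source and target objects, and hypothetical names (`retain_until`, `migrate`), and the sample record is constructed.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 1 << 20  # stream in 1 MiB pieces; nothing is staged on intermediate storage

def retain_until(committed_at, retention_years):
    """Absolute expiry counted from the ORIGINAL commit date, not the migration date."""
    year = committed_at.year + retention_years
    try:
        return committed_at.replace(year=year)
    except ValueError:  # committed on 29 Feb, expiry year is not a leap year
        return committed_at.replace(year=year, day=28)

def _digest(stream):
    h = hashlib.sha256()
    while chunk := stream.read(CHUNK):
        h.update(chunk)
    return h.hexdigest()

def migrate(src, dst, committed_at, retention_years, now):
    """Read once, write once, then re-read the target and compare digests."""
    expiry = retain_until(committed_at, retention_years)
    if expiry <= now:
        raise ValueError("retention has expired: record is due for destruction")
    h_src = hashlib.sha256()
    while chunk := src.read(CHUNK):
        h_src.update(chunk)   # hash exactly the bytes that were read ...
        dst.write(chunk)      # ... and write them straight to the target
    dst.seek(0)
    if _digest(dst) != h_src.hexdigest():
        raise OSError("target digest differs from source digest")
    # Audit record: the target keeps the same expiry, so only the remainder is left.
    return {"sha256": h_src.hexdigest(), "retain_until": expiry,
            "remaining_days": (expiry - now).days}

if __name__ == "__main__":
    # Constructed sample: 10-year retention, 6 years already served.
    utc = timezone.utc
    record = migrate(io.BytesIO(b"constructed sample record"), io.BytesIO(),
                     committed_at=datetime(2018, 3, 1, tzinfo=utc),
                     retention_years=10,
                     now=datetime(2024, 3, 1, tzinfo=utc))
    print(record)
```

Resetting the retention clock at write time would keep this record until 2034; anchoring it to the original commit date keeps the expiry at 2028.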

Moving or copying data between systems may seem like a simple task, and in some cases it may be, but when migrating data that is under regulatory control, there are steps that must be adhered to for the data to stay compliant. In addition to moving data across storage systems, compliance data owners must also consider application versions and data formats. Unlike paper, applications evolve and data formats change (think of what happens when you open a document from an older version of Word and are warned that formatting may change), making it important to store not only the data but also the application version that wrote the data. You wouldn’t want to try reading Shakespeare without a word glossary.



