Storage down cold: DLTIce is a compliant electronic storage medium

Computer Technology Review, July, 2004 by Steve Berens

"Staying out of jail" used to be an expression you would say when talking about your boss or career. Suddenly it is literal. Companies are making certain they can meet the new regulatory requirements to assure they not only stay out of jail but avoid costly fines and penalties. Due to numerous accounting and corporate governance scandals in recent years, new government regulations have been enacted, with some of the major ones listed below:

Sarbanes-Oxley Act of 2002, among other things, creates an oversight board to monitor the accounting industry, toughens penalties against executives who commit corporate fraud and increases the Securities and Exchange Commission budget for auditors and investigators.

Securities Exchange Commission (SEC) Rule 17a-4: This rule requires the retention of all customer records, financial transactions, bank records and buy and sell orders. All correspondence needs to be retained for around six years. This includes e-mail and perhaps Instant Messages, if the company uses IM for transactions. You need to keep a secure copy of every transaction to be made available if the SEC audits the company. Records must be maintained on non-alterable, non-erasable media.

Health Insurance Portability and Accountability Act (HIPAA) covers healthcare, insurance companies, hospitals, doctors, dentists, and insurance clearing houses. This rule affects x-rays, digital scans and medical records. Basically, all patient-related information must be protected and possibly encrypted when transferred electronically.

Department of Defense 5015.2: This standard focuses on records management and applications used by the Department of Defense. They are developing a list of certified solutions for use by the government that complies with best practices for security and retention. There are really no storage media requirements here, just certified application solutions that the DOD can use for records management. If your company develops records management applications for the government, you need to make sure the DOD has certified them.

21 CFR Part 11: This rule affects all pharmaceutical companies, biotech and laboratory device companies. It focuses on making sure product quality exists and helps minimize risks during drug manufacturing. It also covers security and electronic records storage.

These mandates have created significant compliance challenges for data management, electronic record keeping and electronic record retention functions. These mandates can require companies to set and meet very specific security and retention policies for corporate records--such as financial records, medical records, and e-mails. They also mandate severe penalties for noncompliant organizations. For example, the Sarbanes-Oxley Act imposes the following penalties for violators:

§1519. Destruction, alteration, or falsification of records in Federal investigations and bankruptcy: "Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11 or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both."

The result? Businesses are looking for solutions to support their efforts to be compliant with regulatory requirements. In particular, companies are looking for storage solutions that can meet the various mandate-driven requirements for an electronic storage medium. These requirements generally call for a compliant electronic storage medium to support integrity protection, accessibility, duplication, migration and auditing. Additionally, customers want such a solution to be easily implemented in their existing technology infrastructure and have a low cost of total ownership.

To WORM or Not to WORM

Compliance solutions by and large do not mandate that WORM (Write Once, Read Many) media be used. However, in efforts to secure the data that IT managers must retain, WORM functionality is a strong ally in the effort to maintain the integrity of that data. The frustration felt by many IT administrators is that the existing offerings for WORM were costly and required investments in additional equipment.


The vast majority of the backup and recovery is currently handled by tape drives. The logical choice would be a WORM solution included in the tape offering. Unfortunately, all current tape offerings require the management of additional equipment, either drives and/or media. The recent announcement of DLTIce from DLTtape is a viable solution for the compliance issues facing businesses today. DLTIce uses a standard Super DLTtape II media cartridge and SDLT 600 tape drive. Unlike other WORM tape solutions, no special media or special drives are required. This saves cost and maintains operational simplicity.

 

Content provided in partnership with Thompson Gale