The number and scope of regulations that apply to an organisation’s data, and the penalties for non-compliance with them, have been increasing rapidly in recent years. To comply means securely retaining and rapidly accessing information that is held within a large and fast-growing data store.
Compliance needs are even exacerbating the storage burden; for instance, from 2009, the Finance sector is faced with a requirement to store an actual recording of all business telephone calls – a massive additional storage requirement. This information needs to be retained and protected for a specified minimum time which in some cases runs to decades.
However, organisations are currently struggling to work out even how to implement policies capable of bringing them to full regulatory compliance – let alone how to maintain compliance as regulations are added or changed. This is partly because their existing data storage will have been created and maintained before the current Compliance needs emerged, and so without regard to the specific security levels demanded in order to be compliant.
In order to solve any problem there is first a need to recognise that one exists. In the case of Compliance there is in fact a series of practical problems which need identifying before they can be sensibly tackled.
Practical Compliance will describe a few situations organisations are encountering – or will soon encounter – to clarify some of the basic Compliance data storage needs which must be addressed. These may then be included, for instance, as must-haves within a basic requirements list such as that contained in a request for information (RFI) document.