DLTIce™ – Storage Down Cold™ Enabling Compliant Data Archive

THE COMPLIANCE CHALLENGE

Suddenly the expression “Staying out of jail” has taken on a whole new meaning. Companies are scrambling to make certain they can meet new regulatory requirements to stay out of jail and avoid costly fines and penalties.

Consider the case of Bank of America. BofA was fined $10 million for failing to turn over e-mails and documents requested by the SEC as part of an ongoing investigation – the first fine in a standalone case for failure to cooperate with an SEC investigation. And BofA still faces possible charges of illicit trading, plus more stiff fines.

Due to these and other accounting, corporate governance, and privacy scandals in recent years, new government regulations have been enacted. Some of the major ones include: Sarbanes-Oxley Act:

The Sarbanes-Oxley Act of 2002, among other things, creates an oversight board to monitor the accounting industry, toughens penalties against executives who commit corporate fraud and increases the Securities and Exchange Commission budget for auditors and investigators.

Securities Exchange Commission (SEC) Rule 17a-4: Broker-dealers. This rule requires the retention of all customer records, financial transactions, bank records and buy and sell orders. All correspondence needs to be retained for around six years. This includes e-mail and perhaps Instant Messages, if the company uses IM for transactions. You need to keep a secure copy of every transaction to be made available if the SEC audits the company. Records must be maintained on non-alterable, non-erasable media.

Health Insurance Portability and Accountability Act (HIPAA): The Health Insurance Portability and Accountability Act covers healthcare, insurance companies, hospitals, doctors, dentists and insurance clearing houses. This rule affects x-rays, digital scans and medical records. Basically, all patient related information must be protected and possibly encrypted when transferred electronically.

Department of Defense 5015.2: Department of Defense records management standard. This standard focuses on records management and applications used by the department of defense. They are developing a list of certified solutions for use by the government that complies with best practices for security and retention. There are really no storage media requirements here, just certified application solutions that the DOD can use for records management. If your company develops records management applications for the government, you need to make sure the DOD has certified them.

21 CFR Part 11: Regulatory compliance for the drug industry. This rule affects all pharmaceutical companies, bio-tech and laboratory device companies. This rule focuses on making sure product quality exists and helps minimize risks during drug manufacturing. It also covers security and electronic records storage. These mandates have created significant compliance challenges for data management, electronic record keeping and electronic record retention functions. These mandates can require companies to set and meet very specific security and retention polices for corporate records such as financial records, medical records, and emails

They also mandate severe penalties for noncompliant organizations. For example, the Sarbanes-Oxley Act imposes the following penalties for violators:

        § 1519. Destruction, alteration, or falsification of records in Federal investigations and bankruptcy

“Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11 or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both. “

The result? Businesses are looking for solutions to support their efforts to be compliant with regulatory requirements. In particular, companies are looking for storage solutions that can meet the various mandate driven requirements for an electronic storage medium. These requirements generally call for a compliant electronic storage medium to support integrity protection, accessibility, duplication, migration and auditing. Additionally, customers want such a solution to be easily implemented in their existing technology infrastructure and have a low total cost of ownership (TCO).

TO WORM, OR NOT TO WORM

Compliance solutions by and large do not mandate that WORM (Write Once, Read Many) media be used. However, in efforts to secure the data that IT managers must retain, WORM functionality is a strong ally in the effort to maintain the integrity of that data. The frustration felt by many IT administrators is that the existing offerings for WORM have been costly and require investments in additional equipment.

The vast majority of the backup and recovery is currently handled by tape drives. The logical choice would be a WORM solution included in the tape offering. Unfortunately all current tape offerings require the management of additional equipment -- either drives and/or media. The recent announcement of DLTIce™ from DLTtape Technology is a viable solution for the compliance issues facing businesses today.

DLTIce is an extension of the award-winning DLTSage™ architecture platform. It enables DLTtape™ Technology to provide secure and easy to use archival functionality. Customers using DLTIce are able to leverage their existing investment in SDLT 600 tape drives, Super DLTtape™ II tape media and SDLT 600 drive-based automation products to effectively manage and implement a reliable tape archive and regulatory compliance solution. Specifically, with DLTIce, customers have a cost-effective and compliant electronic storage medium that supports:

1. A non-rewriteable, non-erasable format.
2. An automatic verification of quality and accuracy of the storage media recording process.
3. A serialization of original and necessary duplicate units of storage media.
4. A capacity to download indexes and records to other acceptable media.

HOW DOES DLTIce WORK?

DLTIce is the compliance management function of DLTSage, a suite of predictive and preventative management software tools that help customers to diagnose, plan, and manage their tape storage investments.

DLTIce is accessed through either storage management software or DLTSage xTalk. When accessed, DLTIce places an electronic key on each tape to ensure WORM integrity. This unique identifier can’t be altered, providing a tamper-proof Original Record Tape version that meets stringent compliance requirements:

    -    A non-rewriteable, non-erasable format – The DLTIce electronic key ensures that data already written on a tape cannot be rewritten, reformatted or erased. DLTIce does allow new data to be appended.

    -    An automatic verification of quality and accuracy of the storage media recording process – The SDLT 600 tape drive provides unmatched verification of the quality and accuracy of the physical data recording through its advanced ECC algorithms. DLTIce provides archive tape verification and tamper verification with time and date signature.

    -    A serialization of original and necessary duplicate units of storage media – This requirement is met through the time and date signature capability of any compliant storage management software. As data is written during each recording session, the storage management software issues a time and data stamp making it easier to locate and authenticate specific records.

    -    A capacity to download indexes and records to other acceptable media – Data stored on any Super DLTtape II media cartridge can be downloaded to virtually any storage media through any compliant storage management software.

Additional Customer Benefits Because of its unique implementation DLTIce requires no additional equipment. DLTIce uses a standard Super DLTtape II media cartridge and SDLT 600 tape drive. Unlike other WORM tape solutions, no special media or special drives are required. This simplicity meets customer requirements for:

1. A solution that’s easily implemented in their existing technology infrastructure.

2. A solution that has a low total cost of ownership (TCO).

DLTIce is supported by all the major storage management software ISVs, giving customers a variety of choices for building a compliant storage solution.

DLTIce AND SDLT 600    

DLTIce represents a new paradigm in the way customers can view tape storage solutions to protect their electronic documents and meet regulatory requirements. With the introduction of DLTIce on SDLT 600 tape drives and Super DLTtape II media, customers are provided the foundation for complaint electronic storage that is easy to implement into existing storage environments without incurring any additional costs.