DLTIce
DLTIce™ – Storage Down Cold™ Enabling Compliant Data Archive
THE COMPLIANCE CHALLENGE
Suddenly the expression “Staying out of jail”
has taken on a whole new meaning. Companies are scrambling to make certain they
can meet new regulatory requirements to stay out of jail and avoid costly fines
and penalties.
Consider the case of Bank of America. BofA was
fined $10 million for failing to turn over e-mails and documents requested by
the SEC as part of an ongoing investigation – the first fine in a standalone
case for failure to cooperate with an SEC investigation. And BofA still faces
possible charges of illicit trading, plus more stiff fines.
Due to these and other accounting, corporate
governance, and privacy scandals in recent years, new government regulations
have been enacted. Some of the major ones include: Sarbanes-Oxley Act:
The Sarbanes-Oxley Act of 2002, among
other things, creates an oversight board to monitor the accounting industry,
toughens penalties against executives who commit corporate fraud and increases
the Securities and Exchange Commission budget for auditors and investigators.
Securities Exchange Commission (SEC) Rule
17a-4: Broker-dealers. This rule requires the retention of all customer
records, financial transactions, bank records and buy and sell orders. All
correspondence needs to be retained for around six years. This includes e-mail
and perhaps Instant Messages, if the company uses IM for transactions. You need
to keep a secure copy of every transaction to be made available if the SEC
audits the company. Records must be maintained on non-alterable, non-erasable
media.
Health Insurance Portability and
Accountability Act (HIPAA): The Health Insurance Portability and
Accountability Act covers healthcare, insurance companies, hospitals, doctors,
dentists and insurance clearing houses. This rule affects x-rays, digital scans
and medical records. Basically, all patient related information must be
protected and possibly encrypted when transferred electronically.
Department of Defense 5015.2: Department
of Defense records management standard. This standard focuses on records
management and applications used by the department of defense. They are
developing a list of certified solutions for use by the government that complies
with best practices for security and retention. There are really no storage
media requirements here, just certified application solutions that the DOD can
use for records management. If your company develops records management
applications for the government, you need to make sure the DOD has certified
them.
21 CFR Part 11: Regulatory compliance
for the drug industry. This rule affects all pharmaceutical companies, bio-tech
and laboratory device companies. This rule focuses on making sure product
quality exists and helps minimize risks during drug manufacturing. It also
covers security and electronic records storage. These mandates have created
significant compliance challenges for data management, electronic record keeping
and electronic record retention functions. These mandates can require companies
to set and meet very specific security and retention polices for corporate
records such as financial records, medical records, and emails
They also mandate severe penalties for
noncompliant organizations. For example, the Sarbanes-Oxley Act imposes the
following penalties for violators:
§
1519. Destruction, alteration, or falsification of records in Federal
investigations and bankruptcy
“Whoever knowingly alters, destroys, mutilates,
conceals, covers up, falsifies, or makes a false entry in any record, document,
or tangible object with the intent to impede, obstruct or influence the
investigation or proper administration of any matter within the jurisdiction of
any department or agency of the United States or any case filed under title 11
or in relation to or contemplation of any such matter or case, shall be fined
under this title, imprisoned not more than 20 years, or both. “
The result? Businesses are looking for solutions to support their efforts to be
compliant with regulatory requirements. In particular, companies are looking for
storage solutions that can meet the various mandate driven requirements for an
electronic storage medium. These requirements generally call for a compliant
electronic storage medium to support integrity protection, accessibility,
duplication, migration and auditing. Additionally, customers want such a
solution to be easily implemented in their existing technology infrastructure
and have a low total cost of ownership (TCO).
TO WORM, OR NOT TO WORM
Compliance solutions by and large do not
mandate that WORM (Write Once, Read Many) media be used. However, in efforts to
secure the data that IT managers must retain, WORM functionality is a strong
ally in the effort to maintain the integrity of that data. The frustration felt
by many IT administrators is that the existing offerings for WORM have been
costly and require investments in additional equipment.
The vast majority of the backup and recovery is
currently handled by tape drives. The logical choice would be a WORM solution
included in the tape offering. Unfortunately all current tape offerings require
the management of additional equipment -- either drives and/or media. The recent
announcement of DLTIce™ from
DLTtape Technology is a viable solution for the
compliance issues facing businesses today.
DLTIce is an extension of the award-winning DLTSage™ architecture platform. It
enables
DLTtape™ Technology to provide secure and easy to use archival
functionality. Customers using DLTIce are able to leverage their existing
investment in
SDLT 600 tape drives,
Super
DLTtape™ II tape media and
SDLT 600
drive-based automation products to effectively manage and implement a reliable
tape archive and regulatory compliance solution. Specifically, with DLTIce,
customers have a cost-effective and compliant electronic storage medium that
supports:
1. A non-rewriteable, non-erasable format.
2. An automatic verification of quality and accuracy of the storage media
recording process.
3. A serialization of original and necessary duplicate units of storage media.
4. A capacity to download indexes and records to other acceptable media.
HOW DOES DLTIce WORK?
DLTIce is the compliance management function of
DLTSage, a suite of predictive and preventative management software tools that
help customers to diagnose, plan, and manage their tape storage investments.
DLTIce is accessed through either storage
management software or DLTSage xTalk. When accessed, DLTIce places an electronic
key on each tape to ensure WORM integrity. This unique identifier can’t be
altered, providing a tamper-proof Original Record Tape version that meets
stringent compliance requirements:
- A
non-rewriteable, non-erasable format – The DLTIce electronic key ensures that
data already written on a
tape cannot be rewritten, reformatted or
erased. DLTIce does allow new data to be appended.
- An
automatic verification of quality and accuracy of the storage media recording
process – The
SDLT 600 tape drive provides unmatched
verification of the quality and accuracy of the physical data recording through
its advanced ECC algorithms. DLTIce provides archive tape verification and
tamper verification with time and date signature.
- A
serialization of original and necessary duplicate units of
storage
media – This requirement is met through the time and date signature
capability of any compliant storage management software. As data is written
during each recording session, the storage management software issues a time and
data stamp making it easier to locate and authenticate specific records.
- A
capacity to download indexes and records to other acceptable media – Data stored
on any
Super DLTtape II media cartridge can be downloaded to virtually any
storage media through any compliant storage management software.
Additional Customer Benefits Because of its
unique implementation DLTIce requires no additional equipment. DLTIce uses a
standard
Super DLTtape II media cartridge and
SDLT 600
tape drive. Unlike other WORM tape solutions, no special media or
special drives are required. This simplicity meets customer requirements for:
1. A solution that’s easily implemented in
their existing technology infrastructure.
2. A solution that has a low total cost of
ownership (TCO).
DLTIce is supported by all the major storage
management software ISVs, giving customers a variety of choices for building a
compliant storage solution.
DLTIce AND
SDLT 600
DLTIce represents a new paradigm in the way customers can view tape storage
solutions to protect their electronic documents and meet regulatory
requirements. With the introduction of DLTIce on
SDLT 600
tape drives and
Super DLTtape II media, customers are provided
the foundation for complaint electronic storage that is easy to implement into
existing storage environments without incurring any additional costs.