Bryant Bell, profile picture
Uploaded byBryant Bell
286 views

Overcome regulatory data retention challenges

The document outlines the necessity for modern enterprises to retain information for compliance with evolving regulations, allowing access for audits and legal inquiries. It emphasizes the challenges of data retention, access, and production for both current and legacy systems, recommending EMC InfoArchive as a solution to consolidate data and manage compliance effectively. The platform simplifies retention policy management and enhances the ability to respond to legal demands and regulatory requirements.

Embed presentation

Downloaded 11 times
OVERCOME REGULATORY DATA RETENTION CHALLENGES WITH COMPLIANCE ARCHIVING EMC PERSPECTIVE EXECUTIVE SUMMARY A modern enterprise must retain information for years in order to comply with ever-changing government and industry regulations. The enterprise must provide access to that information for auditors, both internal and external. It must be prepared to offer a wide range of information in response to litigation and inquiries by government regulators. That information may be summary reports, raw data exports or data reformatted into standard formats like PDF or MP3. What’s needed: A single platform for ensuring compliance.
TABLE OF CONTENTS EXECUTIVE SUMMARY.......................................................................... 1 REGULATORY OVERLOAD...................................................................... 3 RETAIN, ACCESS AND PRODUCE DATA.................................................. 3 EVER-CHANGING DATA RETENTION REQUIREMENTS........................... 4 LITIGATION AND RESPONSE ............................................................... 5 MORE COMPLIANCE, LESS RISK............................................................ 5 CONTACT US ........................................................................................ 6 2
REGULATORY OVERLOAD The CIO and IT can’t escape regulatory requirements, no matter the industry, from aerospace to finance, from manufacturing to pharmaceuticals; no matter the country, from tax records to licenses to government contracts. Compliance with retention requirements requires a lot of knowledge—and a lot of IT resources. Internal controls staff require reports. External auditors require detailed records, including raw data and reconstruction of events. Litigators on a fishing expedition require everything. Many types of information must be retained to fully satisfy compliance requirements: Transaction logs, patient records, blueprints, vendor invoices and signature scans are just some of the items included in formal records for products and services. For full compliance, however, unstructured content is also required, ranging from sales presentations to emails, from customer proposals to written correspondence. In many cases, particularly for recent transactions, those records are on live production applications. In other cases, those records may be on legacy systems— the old sales system before customer relationship management was moved to the cloud, the old human resources system used by that company acquired in the late 1990s. For example: The Dodd–Frank Wall Street Reform and Consumer Protection Act requires derivatives and commodities trading to be fully documented—including emails, voicemails, recorded phone calls, presentations and correspondence. Dodd- Frank affects every company involved in barter and derivative swap transactions with a bank or other financial institution. How about drug studies? Pharmaceutical and biotech companies need to store a wide range of structured and unstructured data about formulations, dosages, manufacturing processes, security and protection of controlled substances, clinical trials, monitoring of drug recalls, sales and marketing, prescriptions and delivery of products, to document compliance with rules from the Office of Compliance at the U.S. Food and Drug Administration. Every IT department dutifully maintains that information, often by keeping old data available on new systems, sometimes by maintaining legacy servers, software and infrastructure for that purpose. Intelligent archival solutions such as EMC InfoArchive can preserve and provide access to production and legacy information— combining data and content—at a lower cost, while improving access and simplifying regulatory compliance. RETAIN, ACCESS AND PRODUCE DATA It’s not rocket science: IT knows how to retain information for compliance. It’s expensive, of course. The information must not only be preserved, but also protected with backups and even off-site disaster recovery plans. When legacy systems are involved, costs include not only maintaining old server hardware and networking infrastructure, but also software licensing, consulting, backups and more. Data retention, however, is only one of the three goals of a regulatory compliance strategy: IT must also provide access and produce data. 3
Providing access can be a challenge, especially when access must be given to external entities such as auditors. Internal policies may prohibit giving access to production systems. What about when an audit or other query, such as e-discovery, requires access to many systems, many of which have their own user account schemes, or which require specialized access software? Providing timely access to the retained data may be a bigger headache than the data retention itself. Producing data on demand across those disparate systems is another headache. Need reports from an individual application? Easy. Need reports that correlate data across multiple applications? Hard. Pulling the data required to fully reconstruct a regulated transaction’s many phases? Better buy a case of ibuprofen, especially if that transaction contains both structured data (such as log files or accounting records) and unstructured data (like emails, phone calls, contracts and presentations). In response to an audit request, e-discovery or government investigation, most organizations can provide reports that cover the basics of the transaction but are unable to provide third-party access or reproduce entire transactions, especially when those transactions took place more than a couple of years ago. Data archiving onto EMC InfoArchive can help. The process migrates and consolidates all those disparate information sources—including production and legacy systems—into one platform, bringing together the data and content, including its contextual metadata. Because EMC InfoArchive stores the data, the content and its contextual relationships, retention becomes easy. Providing read-only access to an archive for reports and data retrieval is easy, and requires only one user account. Reconstructing transactions becomes far simpler (not easy, especially for complex transactions—but simpler). EVER-CHANGING DATA RETENTION REQUIREMENTS Question: How many data retention regulations affect the typical large enterprise? Answer: You don’t want to know. Data-retention regulations come from a tremendous number of bodies: In the United States, for example, there are rules from the Internal Revenue Service and the Sarbanes-Oxley and Health Insurance Portability and Accountability acts. There are regulations covering every aspect of every industry, including financial, automotive, aerospace, government/defense contracting, insurance, retailing, manufacturing, energy, import/export, transportation. Labor standards for pay, hours worked, breaks. Credit terms and payment details, including external market indexes. Bids, both accepted and rejected, and the bid requirements and process. Multiply those records by a factor of 10—or 100—for organizations that do business outside the U.S. Yes, that’s every business in the global economy. Take a snapshot of requirements at this moment: The compliance office and IT work hand in hand to ensure and certify that all information systems are compliant with regulations and industry norms. Come back in a week: Odds are, some requirement has changed. Certainly, standards and major requirements change at least quarterly for large businesses. Annually, it can be a whole new ball game. Are all systems still compliant? Maybe. Maybe not. Some systems may need patches or upgrades, or changes to policies defined throughout administrative consoles or storage management systems. That’s challenging enough for current production systems. What about those legacy platforms— are they flexible enough to handle the new regulatory requirements? What will it take to certify compliance with those requirements? 4
EMC InfoArchive can help, by providing a single, modern interface to view and change policies regarding information retention and access. Compliance officers can clearly see the retention policies, request changes and verify that the changes were implemented. The challenge of ensuring that the compliance team knows about the newest industry requirements or government regulations remains, of course, but from the IT perspective, those changes are no longer daunting. LITIGATION AND RESPONSE Lawsuits are a fact of daily life for large enterprises. Employees sue. Suppliers sue. Customers sue. Competitors sue. In civil suits, lawsuits are often accompanied by e- discovery, wherein the opposing attorney can often request a wide range of information, either in native form or as PDF files. Similar requests for information can come from search warrants or even seizure by government agencies. Nearly every type of electronic data can be requested by e-discovery or subpoenaed by a judge. This includes electronic messages, such as voicemails and emails, database files, billing records and more. While the legal department can seek to restrict the scope of the data request, for the most part businesses need to comply, providing the information quickly and in an acceptable format. It is essential that the organization retain information for the required periods, as determined by regulatory agencies, and in formats that can either be provided directly to third parties or converted into acceptable formats. (It may also be desirable for companies to destroy old information in compliance with retention policies, in some cases to ensure that the data is not available for e-discovery or a subpoena.) Storing such discoverable information in EMC InfoArchive offers the benefit of a single platform for identifying information available for e-discovery, and providing a means of exporting the data, either in its native form or in a format such as PDF for printed documents or MP3 for audio files. Not all legacy platforms can perform such exports; by migrating and consolidating the information into EMC InfoArchive, that capability becomes common across all information stored for regulatory compliance. The information can also be retrieved and reported in context, such as all structured and unstructured data regarding a specific tool or record. The ability to provide such information may allow the organization to provide a more tightly focused response to attorneys or government regulators, not only resolving the situation faster and less expensively, but also demonstrating good will and an earnest effort to comply. In a court of law and in the court of public opinion, a fast, thorough response can be enabled by EMC InfoArchive. MORE COMPLIANCE, LESS RISK A modern enterprise must retain information for years in order to comply with ever- changing government and industry regulations. The enterprise must provide access to that information for auditors, both internal and external. It must be prepared to offer a wide range of information in response to litigation and inquiries by government regulators. That information may be summary reports, raw data exports or data reformatted into standard formats like PDF or MP3. EMC InfoArchive provides a single platform for creating retention policies and certifying that information is stored in a way that meets those requirements—whether that information came from current production systems or older legacy platforms. EMC InfoArchive ensures that data and content are accessible in a secure, read-only way, by internal and external auditors, in compliance with regulatory obligations. It can also produce the evidence required by litigators during e-discovery or by regulatory and government inquiries. 5
6 Preserve, access, and produce: EMC InfoArchive is the best solution for addressing regulatory data retention and retrieval needs. Get a quote today for EMC InfoArchive in the EMC Store. CONTACT US To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller—or visit us at www.EMC.com. Copyright © 2014 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided “as is.” EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. EMC2, EMC, the EMC logo, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. Published in the USA. H13522

More Related Content

DOCX
Sushant edp
byzalak007
 
PPT
MIS chap # 10..
bySyed Muhammad Zeejah Hashmi
 
PDF
Irma Article Edrm Software Design And Selection
byConni Christensen
 
PPT
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
byPerficient, Inc.
 
PDF
Sarbanes-Oxley Compliance and the RFI/RFP Process
byCXT Group
 
PDF
Osterman report
byLouie Rivera
 
PDF
Capgemini ses - smart grid operational services- utility mobile it adoption...
byGord Reynolds
 
PDF
Case study of rules as relational data
byJeff Long
 
Sushant edp
byzalak007
 
MIS chap # 10..
bySyed Muhammad Zeejah Hashmi
 
Irma Article Edrm Software Design And Selection
byConni Christensen
 
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
byPerficient, Inc.
 
Sarbanes-Oxley Compliance and the RFI/RFP Process
byCXT Group
 
Osterman report
byLouie Rivera
 
Capgemini ses - smart grid operational services- utility mobile it adoption...
byGord Reynolds
 
Case study of rules as relational data
byJeff Long
 

What's hot

PPTX
Legal issues in technology
byEzraGray1
 
PDF
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
byCédric Laurant
 
PPT
MIS chap # 9.....
bySyed Muhammad Zeejah Hashmi
 
PDF
Business horizonsweston
byIkram KASSOU
 
PPT
Chap02
byFathur Rohman
 
PPT
Securing Business: Strategic Enablement of Users
byJon Gatrell
 
PDF
Protecting Patient Health Information in the HITECH Era
byRapid7
 
PPTX
Electronic Commerce
byellamee27
 
PDF
IT Security in Higher Education
byRapid7
 
PPT
Chap04
byFathur Rohman
 
PDF
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
byRapid7
 
PPTX
Chapter 2
byJennifer Polack
 
PDF
Rapid7 Report: Data Breaches in the Government Sector
byRapid7
 
PDF
2013 cost of data breach study - France
byBee_Ware
 
PPT
Management Information System one or two chapter By Amjad Ali Depar MBA Student
byAG RD
 
PPT
Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...
byKevin O'Shea
 
ODP
information system in business today
byshriya jha
 
PPT
5015.2 And Document Management Regulations
byguest709aa8
 
PDF
Mmis
bykumarimonika
 
Legal issues in technology
byEzraGray1
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
byCédric Laurant
 
MIS chap # 9.....
bySyed Muhammad Zeejah Hashmi
 
Business horizonsweston
byIkram KASSOU
 
Chap02
byFathur Rohman
 
Securing Business: Strategic Enablement of Users
byJon Gatrell
 
Protecting Patient Health Information in the HITECH Era
byRapid7
 
Electronic Commerce
byellamee27
 
IT Security in Higher Education
byRapid7
 
Chap04
byFathur Rohman
 
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
byRapid7
 
Chapter 2
byJennifer Polack
 
Rapid7 Report: Data Breaches in the Government Sector
byRapid7
 
2013 cost of data breach study - France
byBee_Ware
 
Management Information System one or two chapter By Amjad Ali Depar MBA Student
byAG RD
 
Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...
byKevin O'Shea
 
information system in business today
byshriya jha
 
5015.2 And Document Management Regulations
byguest709aa8
 
Mmis
bykumarimonika
 

Viewers also liked

PDF
Company meeting aimee
byMaherBirdAssociates
 
PPT
H:\Bca\Cars
byz179488
 
PDF
2010 Chevy Traverse in El Paso, TX
byViva Chevrolet
 
PDF
Tell us your story
byfuriousisland
 
PPTX
Portfolio Samples
bynethaneel
 
PPT
Grupo
byelencointerfacultades
 
PDF
2011 Volvo of English Creek XC90 Egg Harbor Township NJ
byVolvo of English Creek
 
PDF
XHR2 Wonder Land
byykhs
 
ODP
Sakutei ki
byBusiness Innovation Research Development
 
PDF
Intro02 h השקעות בחינוך בישראל 2008
byAnochi.com.
 
PDF
Continuous delivery
byAlexandru Bolboaca
 
PDF
נייר עמדה בנושא חוק הספרים JIMS
byAnochi.com.
 
DOC
The Effects of SEO on Website Visitation
byAliah Thomas
 
PDF
2010 Chevy Malibu Hybrid in El Paso, TX
byViva Chevrolet
 
PDF
Sustainability. Michael Fullan
byAnochi.com.
 
PPTX
Tamara's Glastonbury
byMaherBirdAssociates
 
ODP
Vauban and stairs
byBusiness Innovation Research Development
 
PPS
Clickatuak
byirikaitz
 
PPT
The fray ALBA GALINDO
bycaweke
 
PPTX
Susan alex july
byMaherBirdAssociates
 
Company meeting aimee
byMaherBirdAssociates
 
H:\Bca\Cars
byz179488
 
2010 Chevy Traverse in El Paso, TX
byViva Chevrolet
 
Tell us your story
byfuriousisland
 
Portfolio Samples
bynethaneel
 
Grupo
byelencointerfacultades
 
2011 Volvo of English Creek XC90 Egg Harbor Township NJ
byVolvo of English Creek
 
XHR2 Wonder Land
byykhs
 
Sakutei ki
byBusiness Innovation Research Development
 
Intro02 h השקעות בחינוך בישראל 2008
byAnochi.com.
 
Continuous delivery
byAlexandru Bolboaca
 
נייר עמדה בנושא חוק הספרים JIMS
byAnochi.com.
 
The Effects of SEO on Website Visitation
byAliah Thomas
 
2010 Chevy Malibu Hybrid in El Paso, TX
byViva Chevrolet
 
Sustainability. Michael Fullan
byAnochi.com.
 
Tamara's Glastonbury
byMaherBirdAssociates
 
Vauban and stairs
byBusiness Innovation Research Development
 
Clickatuak
byirikaitz
 
The fray ALBA GALINDO
bycaweke
 
Susan alex july
byMaherBirdAssociates
 

Similar to Overcome regulatory data retention challenges

PPTX
5 Ways to Boost Regulatory Compliance
byFlatirons Solutions®
 
PPTX
eDiscovery and Records Oh...My!
byJ. David Morris
 
PDF
EMC InfoArchive Overview: Offered by Sigma
byJonathan Simpson
 
PPTX
Trends in Data Lifecycle Management and Information Governance
byBryant Bell
 
PDF
Solutions Storage
byJim Chalil
 
PDF
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
byPerficient, Inc.
 
PDF
Data Archiving white paper
byIBM India Smarter Computing
 
PDF
VILT - Archiving and Decommissioning with OpenText InfoArchive
byVILT
 
PPT
Brian Dirking Software Selection For Records Management
bybdirking
 
PDF
ASG_Record_Mgmts_Breaking_Point_White_Pa
byPatrick BOURLARD
 
PPT
Brian Dirking Knowing Your Organizations Goals Before Choosing A Product
bybdirking
 
PPT
Optim Insync10 Paul Griffin presentation
byInSync Conference
 
PPTX
Retrieval and Workflows
byVaughan Olufemi ACIB, AICEN, ANIM
 
PPTX
EMC Storage Redefine FILE
bysolarisyougood
 
PDF
9 Steps to Successful Information Lifecycle Management
byIron Mountain
 
PDF
101 ab 1445-1515
byChiou-Nan Chen
 
PDF
101 ab 1445-1515
byChiou-Nan Chen
 
PPTX
Records management overview - InFuture
byGreg Reid
 
PDF
Osterman report
byLouie Rivera
 
PDF
EMC Proven Professional Knowledge Sharing 2007 Book of Abstracts
byEMC
 
5 Ways to Boost Regulatory Compliance
byFlatirons Solutions®
 
eDiscovery and Records Oh...My!
byJ. David Morris
 
EMC InfoArchive Overview: Offered by Sigma
byJonathan Simpson
 
Trends in Data Lifecycle Management and Information Governance
byBryant Bell
 
Solutions Storage
byJim Chalil
 
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
byPerficient, Inc.
 
Data Archiving white paper
byIBM India Smarter Computing
 
VILT - Archiving and Decommissioning with OpenText InfoArchive
byVILT
 
Brian Dirking Software Selection For Records Management
bybdirking
 
ASG_Record_Mgmts_Breaking_Point_White_Pa
byPatrick BOURLARD
 
Brian Dirking Knowing Your Organizations Goals Before Choosing A Product
bybdirking
 
Optim Insync10 Paul Griffin presentation
byInSync Conference
 
Retrieval and Workflows
byVaughan Olufemi ACIB, AICEN, ANIM
 
EMC Storage Redefine FILE
bysolarisyougood
 
9 Steps to Successful Information Lifecycle Management
byIron Mountain
 
101 ab 1445-1515
byChiou-Nan Chen
 
101 ab 1445-1515
byChiou-Nan Chen
 
Records management overview - InFuture
byGreg Reid
 
Osterman report
byLouie Rivera
 
EMC Proven Professional Knowledge Sharing 2007 Book of Abstracts
byEMC
 

Recently uploaded

PPTX
Free Website Traffic Generator - Targeted Web Traffic
byTargeted Web Traffic
 
PDF
Your Guide to Buying Verified Chime Bank Accounts Effectively.pdf
bybuyverifiedpaypalaccounts
 
PDF
FINANCIAL LITERACY Practices | Excellence Foundation for South Sudan
byExcellence Foundation for South Sudan
 
PDF
How to purchase a safely verified Chime bank account ....pdf
byndsfcm3nubx18jc4s6f4
 
PDF
Sukhi Jolly Framework for Infrastructure-Driven Growth
bySukhi Jolly
 
PDF
MCB-Code-of-Conduct Mansehra postal service operation management
bytanolihaseeb21
 
PDF
10k to 5k followers Twitter Accounts for Sale.pdf
by2oe47406ufcwa3h5xe3s
 
PDF
Buy US Facebook Accounts_ Risks, Rewards, and Smart ....pdf
bybesafa2553
 
DOCX
Why Choose buy TikTok Accounts Instead of New Ones.docx
bymarketing
 
PPTX
VivaPresentation-StephSharma-HultIntBusSch_April2024(slideshare).pptx
bySteph Sharma
 
DOCX
Easy Ways to Buy Old Gmail Accounts Smartly in 2026.docx
byUSAALLHUB Digital Marketer in 2026
 
PDF
Buy Cash App Accounts Today-20k BTC enable.pdf
byusa business
 
PDF
Joseph Heiman New Jersey - A Knack For Financial Management
byJoseph Heiman New Jersey
 
PDF
Stuart Frost - The Chief Executive Officer
byStuart Frost
 
PDF
Buy TikTok Shop accounts & Twitter accounts in 2026..pdf
bygetsmmpro getsmmpro
 
DOCX
The Ultimate Guide to Bulk Purchasing Old Gmail Accounts.docx
byBuy Verified Cash App Accounts
 
PDF
Top 10 Sites To Buy Verified Binance Accounts.pdf
byndsfcm3nubx18jc4s6f4
 
PDF
Adieu 2025 - Cyber Security way forward in 2026
byPrime Infoserv
 
PDF
Dimi Design Intelligence Addendum, All Parts.pdf
byBrij Consulting, LLC
 
PDF
Comments on Dimi Design Intelligence Addendum2, All Parts.pdf
byBrij Consulting, LLC
 
Free Website Traffic Generator - Targeted Web Traffic
byTargeted Web Traffic
 
Your Guide to Buying Verified Chime Bank Accounts Effectively.pdf
bybuyverifiedpaypalaccounts
 
FINANCIAL LITERACY Practices | Excellence Foundation for South Sudan
byExcellence Foundation for South Sudan
 
How to purchase a safely verified Chime bank account ....pdf
byndsfcm3nubx18jc4s6f4
 
Sukhi Jolly Framework for Infrastructure-Driven Growth
bySukhi Jolly
 
MCB-Code-of-Conduct Mansehra postal service operation management
bytanolihaseeb21
 
10k to 5k followers Twitter Accounts for Sale.pdf
by2oe47406ufcwa3h5xe3s
 
Buy US Facebook Accounts_ Risks, Rewards, and Smart ....pdf
bybesafa2553
 
Why Choose buy TikTok Accounts Instead of New Ones.docx
bymarketing
 
VivaPresentation-StephSharma-HultIntBusSch_April2024(slideshare).pptx
bySteph Sharma
 
Easy Ways to Buy Old Gmail Accounts Smartly in 2026.docx
byUSAALLHUB Digital Marketer in 2026
 
Buy Cash App Accounts Today-20k BTC enable.pdf
byusa business
 
Joseph Heiman New Jersey - A Knack For Financial Management
byJoseph Heiman New Jersey
 
Stuart Frost - The Chief Executive Officer
byStuart Frost
 
Buy TikTok Shop accounts & Twitter accounts in 2026..pdf
bygetsmmpro getsmmpro
 
The Ultimate Guide to Bulk Purchasing Old Gmail Accounts.docx
byBuy Verified Cash App Accounts
 
Top 10 Sites To Buy Verified Binance Accounts.pdf
byndsfcm3nubx18jc4s6f4
 
Adieu 2025 - Cyber Security way forward in 2026
byPrime Infoserv
 
Dimi Design Intelligence Addendum, All Parts.pdf
byBrij Consulting, LLC
 
Comments on Dimi Design Intelligence Addendum2, All Parts.pdf
byBrij Consulting, LLC
 

Overcome regulatory data retention challenges

  • 1.
    OVERCOME REGULATORY DATA RETENTIONCHALLENGES WITH COMPLIANCE ARCHIVING EMC PERSPECTIVE EXECUTIVE SUMMARY A modern enterprise must retain information for years in order to comply with ever-changing government and industry regulations. The enterprise must provide access to that information for auditors, both internal and external. It must be prepared to offer a wide range of information in response to litigation and inquiries by government regulators. That information may be summary reports, raw data exports or data reformatted into standard formats like PDF or MP3. What’s needed: A single platform for ensuring compliance.
  • 2.
    TABLE OF CONTENTS EXECUTIVESUMMARY.......................................................................... 1 REGULATORY OVERLOAD...................................................................... 3 RETAIN, ACCESS AND PRODUCE DATA.................................................. 3 EVER-CHANGING DATA RETENTION REQUIREMENTS........................... 4 LITIGATION AND RESPONSE ............................................................... 5 MORE COMPLIANCE, LESS RISK............................................................ 5 CONTACT US ........................................................................................ 6 2
  • 3.
    REGULATORY OVERLOAD The CIOand IT can’t escape regulatory requirements, no matter the industry, from aerospace to finance, from manufacturing to pharmaceuticals; no matter the country, from tax records to licenses to government contracts. Compliance with retention requirements requires a lot of knowledge—and a lot of IT resources. Internal controls staff require reports. External auditors require detailed records, including raw data and reconstruction of events. Litigators on a fishing expedition require everything. Many types of information must be retained to fully satisfy compliance requirements: Transaction logs, patient records, blueprints, vendor invoices and signature scans are just some of the items included in formal records for products and services. For full compliance, however, unstructured content is also required, ranging from sales presentations to emails, from customer proposals to written correspondence. In many cases, particularly for recent transactions, those records are on live production applications. In other cases, those records may be on legacy systems— the old sales system before customer relationship management was moved to the cloud, the old human resources system used by that company acquired in the late 1990s. For example: The Dodd–Frank Wall Street Reform and Consumer Protection Act requires derivatives and commodities trading to be fully documented—including emails, voicemails, recorded phone calls, presentations and correspondence. Dodd- Frank affects every company involved in barter and derivative swap transactions with a bank or other financial institution. How about drug studies? Pharmaceutical and biotech companies need to store a wide range of structured and unstructured data about formulations, dosages, manufacturing processes, security and protection of controlled substances, clinical trials, monitoring of drug recalls, sales and marketing, prescriptions and delivery of products, to document compliance with rules from the Office of Compliance at the U.S. Food and Drug Administration. Every IT department dutifully maintains that information, often by keeping old data available on new systems, sometimes by maintaining legacy servers, software and infrastructure for that purpose. Intelligent archival solutions such as EMC InfoArchive can preserve and provide access to production and legacy information— combining data and content—at a lower cost, while improving access and simplifying regulatory compliance. RETAIN, ACCESS AND PRODUCE DATA It’s not rocket science: IT knows how to retain information for compliance. It’s expensive, of course. The information must not only be preserved, but also protected with backups and even off-site disaster recovery plans. When legacy systems are involved, costs include not only maintaining old server hardware and networking infrastructure, but also software licensing, consulting, backups and more. Data retention, however, is only one of the three goals of a regulatory compliance strategy: IT must also provide access and produce data. 3
  • 4.
    Providing access canbe a challenge, especially when access must be given to external entities such as auditors. Internal policies may prohibit giving access to production systems. What about when an audit or other query, such as e-discovery, requires access to many systems, many of which have their own user account schemes, or which require specialized access software? Providing timely access to the retained data may be a bigger headache than the data retention itself. Producing data on demand across those disparate systems is another headache. Need reports from an individual application? Easy. Need reports that correlate data across multiple applications? Hard. Pulling the data required to fully reconstruct a regulated transaction’s many phases? Better buy a case of ibuprofen, especially if that transaction contains both structured data (such as log files or accounting records) and unstructured data (like emails, phone calls, contracts and presentations). In response to an audit request, e-discovery or government investigation, most organizations can provide reports that cover the basics of the transaction but are unable to provide third-party access or reproduce entire transactions, especially when those transactions took place more than a couple of years ago. Data archiving onto EMC InfoArchive can help. The process migrates and consolidates all those disparate information sources—including production and legacy systems—into one platform, bringing together the data and content, including its contextual metadata. Because EMC InfoArchive stores the data, the content and its contextual relationships, retention becomes easy. Providing read-only access to an archive for reports and data retrieval is easy, and requires only one user account. Reconstructing transactions becomes far simpler (not easy, especially for complex transactions—but simpler). EVER-CHANGING DATA RETENTION REQUIREMENTS Question: How many data retention regulations affect the typical large enterprise? Answer: You don’t want to know. Data-retention regulations come from a tremendous number of bodies: In the United States, for example, there are rules from the Internal Revenue Service and the Sarbanes-Oxley and Health Insurance Portability and Accountability acts. There are regulations covering every aspect of every industry, including financial, automotive, aerospace, government/defense contracting, insurance, retailing, manufacturing, energy, import/export, transportation. Labor standards for pay, hours worked, breaks. Credit terms and payment details, including external market indexes. Bids, both accepted and rejected, and the bid requirements and process. Multiply those records by a factor of 10—or 100—for organizations that do business outside the U.S. Yes, that’s every business in the global economy. Take a snapshot of requirements at this moment: The compliance office and IT work hand in hand to ensure and certify that all information systems are compliant with regulations and industry norms. Come back in a week: Odds are, some requirement has changed. Certainly, standards and major requirements change at least quarterly for large businesses. Annually, it can be a whole new ball game. Are all systems still compliant? Maybe. Maybe not. Some systems may need patches or upgrades, or changes to policies defined throughout administrative consoles or storage management systems. That’s challenging enough for current production systems. What about those legacy platforms— are they flexible enough to handle the new regulatory requirements? What will it take to certify compliance with those requirements? 4
  • 5.
    EMC InfoArchive canhelp, by providing a single, modern interface to view and change policies regarding information retention and access. Compliance officers can clearly see the retention policies, request changes and verify that the changes were implemented. The challenge of ensuring that the compliance team knows about the newest industry requirements or government regulations remains, of course, but from the IT perspective, those changes are no longer daunting. LITIGATION AND RESPONSE Lawsuits are a fact of daily life for large enterprises. Employees sue. Suppliers sue. Customers sue. Competitors sue. In civil suits, lawsuits are often accompanied by e- discovery, wherein the opposing attorney can often request a wide range of information, either in native form or as PDF files. Similar requests for information can come from search warrants or even seizure by government agencies. Nearly every type of electronic data can be requested by e-discovery or subpoenaed by a judge. This includes electronic messages, such as voicemails and emails, database files, billing records and more. While the legal department can seek to restrict the scope of the data request, for the most part businesses need to comply, providing the information quickly and in an acceptable format. It is essential that the organization retain information for the required periods, as determined by regulatory agencies, and in formats that can either be provided directly to third parties or converted into acceptable formats. (It may also be desirable for companies to destroy old information in compliance with retention policies, in some cases to ensure that the data is not available for e-discovery or a subpoena.) Storing such discoverable information in EMC InfoArchive offers the benefit of a single platform for identifying information available for e-discovery, and providing a means of exporting the data, either in its native form or in a format such as PDF for printed documents or MP3 for audio files. Not all legacy platforms can perform such exports; by migrating and consolidating the information into EMC InfoArchive, that capability becomes common across all information stored for regulatory compliance. The information can also be retrieved and reported in context, such as all structured and unstructured data regarding a specific tool or record. The ability to provide such information may allow the organization to provide a more tightly focused response to attorneys or government regulators, not only resolving the situation faster and less expensively, but also demonstrating good will and an earnest effort to comply. In a court of law and in the court of public opinion, a fast, thorough response can be enabled by EMC InfoArchive. MORE COMPLIANCE, LESS RISK A modern enterprise must retain information for years in order to comply with ever- changing government and industry regulations. The enterprise must provide access to that information for auditors, both internal and external. It must be prepared to offer a wide range of information in response to litigation and inquiries by government regulators. That information may be summary reports, raw data exports or data reformatted into standard formats like PDF or MP3. EMC InfoArchive provides a single platform for creating retention policies and certifying that information is stored in a way that meets those requirements—whether that information came from current production systems or older legacy platforms. EMC InfoArchive ensures that data and content are accessible in a secure, read-only way, by internal and external auditors, in compliance with regulatory obligations. It can also produce the evidence required by litigators during e-discovery or by regulatory and government inquiries. 5
  • 6.
    6 Preserve, access, andproduce: EMC InfoArchive is the best solution for addressing regulatory data retention and retrieval needs. Get a quote today for EMC InfoArchive in the EMC Store. CONTACT US To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller—or visit us at www.EMC.com. Copyright © 2014 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided “as is.” EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. EMC2, EMC, the EMC logo, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. Published in the USA. H13522