Stoarge_and_amp;Archiving - Retention_and_amp;Recovery Sales View 199



  • I’m a professional Sales Rep. we have a compliant backup/storage solution.%0ASOX clearly indicates that data has to be stored in a non erasable fashion, easily recovered as needed. Tape doesn’t cut it.%0AIn court, failure to recover old data (4 year old email, etc…) is being treated as if the company is hiding something. ‘Unfavorable information’ was the term used.%0AOrganic data is growing at such an alarming rate (SOX and others are driving it further) that some companies are taking 20+ hours for full backup.%0AFrom the sales perspective, I’m speaking with many people that are interested to learn what we’re doing. They like it and agree it’s much better and easier than tape.%0ABut few are pulling the trigger to switch. We are 25% more cost than tape. But the legal exposure and potential risks are huge.%0AIs anyone seriously considering migrating from a Tape backup solution too a SOX Compliance disk based solution? Why? Why not?%0AAre the possible legal repercussions even a consideration?%0AAny feedback is appreciated.%0AThanks



  • This post is deleted!


  • This post is deleted!


  • This post is deleted!


  • I wasn’t aware that tape wasn’t allowed–what section is that in? Our externals and consultants haven’t said anything about this.
    We have a separate methodology on emails and IM’s as we have to under other regulatory requirements, but we use tape to back up our network, incrementals daily and fulls on weekends.
    Ben



  • SOX doesn’t define what storage media is allowed. As Senator Sarbanes indicates ‘that’s for the courts to decide’ SOX states the penalties for not being able to produce data as:
    Title VIII: Corporate and Criminal Fraud Accountability Act of 2002.
    It is a felony to ‘knowingly’ destroy or create documents to ‘impede, obstruct or influence’ any existing or contemplated federal investigation.
    Auditors are required to maintain ‘all audit or review work papers’ for five years.
    Title IX: White Collar Crime Penalty Enhancements
    Maximum penalty for mail and wire fraud increased from 5 to 10 years.
    Creates a crime for tampering with a record or otherwise impeding any official proceeding.
    Section 1102: Tampering With a Record or Otherwise Impeding an Official Proceeding
    Makes it a crime for any person to corruptly alter, destroy, mutilate, or conceal any document with the intent to impair the object’s integrity or availability for use in an official proceeding or to otherwise obstruct, influence or impede any official proceeding is liable for up to 20 years in prison and a fine.
    Further, SEC CFR 240 17a-4 indicates :

    1. Electronic records must be stored on non-rewritable and non-erasable media.
    2. The system must ‘verify automatically the quality and accuracy of the storage media recording process.’
    3. The organization using electronic records must provide regulators with ‘facilities for immediate, easy readable projection or production of electronic storage media images and for producing easily readable images.’
    4. The system must ‘store separately from the original, a duplicate copy of the record.’
      An article at TechRepublic points out deficiencies regarding email:
      The scenario is common: A company gets a new Microsoft Exchange server, and the users are happy with the Outlook calendar and Internet e-mail capabilities. Messages go in and out, but there is no archival process. Backups are sent to tape, which are rotated weekly and overwritten. However, according to Sarbanes-Oxley, if your network administrator is instructed to overwrite the tapes, then your company knowingly allows potential evidence to be destroyed. Depending on your business risks, this scenario could become a malpractice time bomb. In addition, a simple backup of the Information Store with all the mailboxes in your Exchange server will not give you all the e-mails going in or out. So you are at risk when users delete messages, especially if they are engaged in some kind of misconduct.
      I don’t think tape is a media for long term storage. You can write over it and you can erase it. In the best environments, there is a strong possibility the tape will bleed through and be unusable.
      Unfortunately, the courts have already indicated that ‘a nice try’ when attempting to recover subpoenaed data is unacceptable.

Log in to reply