Compliance Appliance 1918

  • Hi- New member here. I am working for a company that is considering building an archive compliance device for data retension. There have been some discussions relating to what makes a device compliant, or in your mind, the preception of compliance. I guess my real questions are as follows:

    1. if a device is a ‘closed system’, where the administrator cannot directly ‘log on’, access logs or data, but can reproduce data that is requested, would this be considered acceptable?
    2. if the device was basically capable of being logged into directly by an administrator and the policies can be circumvented, does this remove the compliance preception?
      I am an I.T. admin that has been asked some questions and I really don’t have good answers for them. I would really appreciate some input, as my opinions are different than management and I don’t want to steer them in the wrong direction.

  • I would choose yes for question 1 if you mean that no one can write/delete/modify data in the device.
    For Q2 you can still be compliant if the activities performed by the admin are logged, the logs can’t be tempered with and these logs are reviewed on periodic basis.

Log in to reply