Content provided in partnership with

Technology Industry

Tape storage for Sarbanes-Oxley compliance

Computer Technology Review, Sept, 2004 by Rich Harada

When addressing new data storage mandates, IT professionals should take a step back to fully understand the storage requirements and then make an informed decision on the best strategies and technologies to deploy that meet the challenge. In all cases, the overall cost of the solution should be the deciding factor: If tape technology meets the requirements, why choose a more expensive option?

The implementation of systems to comply with the Sarbanes-Oxley Act of 2002 is a perfect example: A large amount of new data will be generated to comply, but this data may only be needed in the case of an audit. So why tie up expensive disk resources when existing automated tape systems can be leveraged to take on this incremental capacity load? Since tape is the least expensive option available for reliably storing large amounts of electronic information, it should always be considered during the system design and acquisition process.

Most Popular Articles in Technology: An overview of continuous data protection; Why all those current ratings?; Many countries now have a mobile penetration rate above 100%, report says; The Tata Group's big telecom gamble: VSNL's recent acquisition of Tyco ...; MEASURING BANK BRANCH EFFICIENCY USING DATA ENVELOPMENT ANALYSIS: MANAGERIAL ...; More »

At a fraction of the TCO (Total Cost of Ownership) of magnetic or optical disc systems, tape cartridges can store massive amounts of incremental data for less than $0.35 per Gigabyte (compared to about $30 per Gigabyte for a "compliance-edition" magnetic disk-based Content Addressable Storage system). Current tape media will retain data for 15 to 30 years, far exceeding the retention requirements of almost all organizations and the useful lifetime of a magnetic disk drive. And by using automated tape libraries for near-line access, any document can be retrieved quickly and without human intervention to fully meet the needs of management, employees and auditors.

The Sarbanes-Oxley Act of 2002 is a major piece of legislation that has generated an enormous amount of attention by a wide range of businesses. All public corporations that trade their stocks in the United States must ensure that they comply to avoid the significant financial penalties and criminal charges that Sarbanes-Oxley imposes.

The Facts of Sarbanes-Oxley

* It was enacted in response to several high-profile corporate financial scandals that resulted in huge losses for many thousands of investors and employees.

* The Public Company Accounting Oversight Board (www.pcaobus.org) was formed as the governing authority and issued its first set of rules for public auditing firms, effective May 24, 2004.

* Public auditing firms must register with the PCAOB and follow new rules for how they conduct audits of the financial statements and internal controls of their clients.

* Publicly traded corporations must implement and document internal financial controls that will ensure that their financial statements provide a fair and accurate representation of the business and its operating results.

* CEO and CFO must provide certification of their approval on each quarterly and annual financial report.

Tape Storage Meets the Sarbanes-Oxley Challenge

Within the 69 provisions of Sarbanes-Oxley, and its hundreds of subparagraphs, there is a new requirement to store or retain documents: "... registered public auditing firms must retain the working papers they use during an audit for 5 years". A corporation must create and document its internal financial control procedures and keep them freely available for employees and auditors. Corporations must store and retain all transactions that go into the financial statements, but there are no new rules on how long these records should be retained, or how they should be stored so corporations may keep them archived.

The unalterable nature of such information has caused the use of "write-once" or "compliance-edition" tape media to gain favor. Due to its record-only capability, another government regulation (SEC Rule 17a-4) requires the use of unalterable WORM (write-once read-many) storage media to retain records for seven years. This regulation applies to securities brokers and dealers, who have incorporated WORM into their storage environment. WORM-capable tape drives that are available include Sony's AIT and S-AIT WORM, StorageTek's 9840 and 9940 Volsafe, IBM's 3592 WORM, and Quantum's DLTice. Media is available from these manufacturers as well as from Fujifilm, Imation, Maxell and TDK.

It is important that the corporation can both rely on, and show auditors, that their documentation is authentic and up-to-date. This function is handled very well by most electronic document management systems. The use of check-in/check-out procedures creates a new record each time a document is created and subsequently modified, resulting in an acceptable audit trail. By addressing document control and authentication at the application level, companies that are non-SEC regulated can use any tape storage media to store information.

Unfortunately, compliance to Sarbanes-Oxley may be an added cost to public corporations, with no major gain to their bottom line. Since all public companies must comply, there is no competitive advantage. Failure to comply is not an option. Therefore, it would be prudent for companies to budget carefully when implementing their compliance strategies to avoid noncompliance. In regard to data storage, the most cost-effective solution for compliance is the same solution as for all fixed and reference content: automated tape.

Technology Industry

Tape storage for Sarbanes-Oxley compliance

Computer Technology Review, Sept, 2004 by Rich Harada

Find Research Guides for:

Find Featured Titles for: Autos

Most Popular Articles in Technology

Most Popular Publications in Technology