STORAGE MANAGEMENT/MASTER: Building an Affordable Practice for Regulation Compliance Getting the most out of existing technology Marc Farley President.

Slides:

Advertisements

Similar presentations

Backing up and Archiving Data Chapter 1. Introduction This presentation covers the following: – What is backing up – What is archiving – Why are both.

Advertisements

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”

© 2008 Kroll Ontrack Inc.| Ontrack PowerControls 5.1 The ultimate “power tool” for SharePoint administrators.

…your guide through terrain

Developing a Records & Information Retention & Disposition Program:

Information Means The World.. Enhanced Data Recovery Agenda EDR defined Backup to Disk (DDT) Tape Emulation (Tape Virtualization) Point-in-time Copy Replication.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.

Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

RECORDS MANAGEMENT City of Oregon City “ That was then… this is now!”

© 2009 Kroll Ontrack Inc.| Ontrack PowerControls 6.0 for SharePoint™ A Better Way to Search and Restore.

Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.

November 2009 Network Disaster Recovery October 2014.

Discovery Planning steps (1)

Chapter 17: Computer Audits ACCT620 Internal Accounting Otto Chang Professor of Accounting.

1 Working Group on Archives and Records Management WGARM.

A Proposed Risk Management Regulatory Framework Commissioner George Apostolakis Presented at the Organization of Agreement States 2012 Annual Meeting Milwaukee,

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

1 Solving the records management problem A cloud-computing approach to archiving Amanda Kleha Product Marketing, Google May 20, 2008.

DotHill Systems Data Management Services. Page 2 Agenda Why protect your data?  Causes of data loss  Hardware data protection  DMS data protection.

Records Liaison Training City of Oregon City. The Role of Records Liaisons As Records Liaison you will:  Be your department’s “point person” for records.

Internal Control in a Financial Statement Audit

Module 7. Data Backups  Definitions: Protection vs. Backups vs. Archiving  Why plan for and execute data backups?  Considerations  Issues/Concerns.

David N. Wozei Systems Administrator, IT Auditor.

Meeting the Data Protection Demands of a 24x7 Economy Steve Morihiro VP, Programs & Technology Quantum Storage Solutions Group

1 SECURITY & HIPAA DATA ENSURE INC. 798 PARK AVE. NW SUITE 204 NORTON, VA (276) D E.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

Archiving Where did I put that mail?. Business criticity Importance to manage : –Authenticity –Integrity –Perennity –Compliance High TCO of mail.

1 Maintain System Integrity Maintain Equipment and Consumables ICAS2017B_ICAU2007B Using Computer Operating system ICAU2231B Caring for Technology Backup.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Principles of Information Systems, Sixth Edition Systems Design, Implementation, Maintenance, and Review Chapter 13.

Records & Information Management (RIM) Risk: Is Your Company Exposed? March 19, 2013.

Module 9 Planning a Disaster Recovery Solution. Module Overview Planning for Disaster Mitigation Planning Exchange Server Backup Planning Exchange Server.

IT Requirements Management Balancing Needs and Expectations.

Records Management Is Not an Option Anymore

Information Security Governance and Risk Chapter 2 Part 3 Pages 100 to 141.

Georgia Institute of Technology CS 4320 Fall 2003.

Principles of Information Systems, Sixth Edition Systems Design, Implementation, Maintenance, and Review Chapter 13.

11 BACKING UP AND RESTORING SYSTEMS AND DATA Chapter 15.

E.Soundararajan R.Baskaran & M.Sai Baba Indira Gandhi Centre for Atomic Research, Kalpakkam.

Component 8/Unit 9bHealth IT Workforce Curriculum Version 1.0 Fall Installation and Maintenance of Health IT Systems Unit 9b Creating Fault Tolerant.

BACKUP/MASTER: Strategies for Archiving Dianne McAdam Senior Analyst and Partner Data Mobility Group.

OAIS Rathachai Chawuthai Information Management CSIM / AIT Issued document 1.0.

1 Records Management Organization The Committee provides guidance on operating the company’s records management program.

Business Analysis. Business Analysis Concepts Enterprise Analysis ► Identify business opportunities ► Understand the business strategy ► Identify Business.

Principles of Information Systems, Sixth Edition 1 Systems Design, Implementation, Maintenance, and Review Chapter 13.

Mobile Data Analytics v7.1 Architectural Overview Does one size fits all? Mobile Data Analytics v7.1 Disaster recovery strategiesA.

Hosted by Creating RFPs for Tape Libraries Dianne McAdam Senior Analyst and Partner Data Mobility Group.

The Power of Aligning Backup, Recovery, and Archive Bob Madaio Sr. Manager; Backup, Recovery and Archive Marketing EMC Corporation.

Developing a Project Management Standard for Your Organization Francine DiMicele, PMP June 08, 2015 NC Piedmont Triad Chapter.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Component 8 Installation and Maintenance of Health IT Systems Unit 9b Creating Fault-Tolerant Systems, Backups, and Decommissioning This material was developed.

Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.

Capability Maturity Model. CS460 - Senior Design Project I (AY2004)2 Immature Organisations Software processes are often rigorously followed. Organisation.

AUDITING BUSINESS CONTINUITY PROGRAMS AND PLANS What to Look For Presented by: Tommye White, CBCP, DRP Chuck Walts, CBCP, CRP.

Business Continuity Planning 101

This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

CDP Technology Comparison CONFIDENTIAL DO NOT REDISTRIBUTE.

Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Records Management with MOSS, K2, & PsiGen Deepa Patadia

A Technical View of Risk Assessment Methods for Backup Systems Bradley Wong Life Sciences Consulting Tustin, CA – USA DIA/All Hands: 12 February 2015.

Open-E Data Storage Software (DSS V6)

CompTIA Security+ Study Guide (SY0-401)

MANAGEMENT of INFORMATION SECURITY, Fifth Edition

Introduction of Week 6 Assignment Discussion

CompTIA Security+ Study Guide (SY0-501)

Chapter 8 Developing an Effective Ethics Program

Enterprise Content Management (ECM) Project

Presentation transcript:

STORAGE MANAGEMENT/MASTER: Building an Affordable Practice for Regulation Compliance Getting the most out of existing technology Marc Farley President Building Storage, Inc.

The changing role of IT: From data center managers To data stewards

The IT function will resemble a data library Searching, archiving and retrieving data

Regulations are forcing the issue Mandated data management Privacy, security Long-term availability

Regulation compliance adds new costs Planning costs Legal interpretation, capabilities assessment, solution designs, product evaluations Technology costs Hardware and software, maintenance Operating costs Day-to-day tasks, reports, audits, coordination Hidden costs Obsolescence, failure, proprietary traps

Risk management What is non-compliance? Missing data Slow retrieval Corporate risks Fines Reputation Personal risks Jail time (obstruction of justice) Exposure of incompetence

How to pass scrutiny Act responsibly Act reasonably Act consistently Keep records

Responsible management (Why didn’t you do this?) Have a plan with good intentions Integrate the plan into all deployments Management commitment and accountability Managing down to IT line workers to understand problems/opportunities

Reasonable management (2) (Why did you do it this way?) Average to above-average efforts and staffing Incremental change, not revolutionary change Prioritizing areas needing improvement Cost analysis and rationale

Consistent management (Why did you do it differently this time?) Adherence to guiding principles Maintaining and complying with operations schedules Making measurements (adding metrics where needed) Minimizing deviations

Document your decisions & work Meeting notes and decision rationale Management approval and sign-offs Strategic initiatives and priorities Operating plans and schedules Operations records and logs Known problems and severity

Getting started is a matter of willpower and words… A mission statement for IT that includes responsible and thorough data management Sponsorship from senior corporate management Adjust job descriptions to include compliance and data management.

…Continuing is systematic work Disciplined operations Systematic documentation Management oversight

Set reasonable expectations Regulations are new and legal interpretations are likely to change Set numerous, smaller, incremental, achievable goals

Focus area #1: Re-examining backup Backup capabilities/conditions Archiving role of backup Alternative backups for archiving

Analyze backup capabilities Analyze available backup logs Review software releases/updates Hardware age, errors and wear and tear Backup metadata growth and pruning Tape naming conventions

Archiving with your backup system Review and adjust existing archiving operations as necessary Monthly, quarterly, yearly? How are archives identified? Separate backup jobs or tape copies? How are restores done? How would regulatory restores differ?

Analyze archiving operations Age and wear of tapes used for archiving How are tapes selected for archiving? Verify and document test restores from archives Verify availability of backup metadata for restores. Review data retention policies How long are tapes kept? Is there an expiration policy?

Consider separate backup installations for archiving If you would consider a separate disk archiving system….. Why wouldn’t you consider a second backup installation that archives data?

Consider separate backup installations for archiving (2) Most data exists in the system for 1 month Most exists in the system for 1 quarter Separate software installations may be a good idea Different metadata is probably a very good idea Different naming conventions are a good idea Yearly (new) re-installs may be a good idea Additional backups can also be used for DR practice and real DR scenarios

Caveats with separate backup installations May require different backup products Platform restrictions Application assumptions Possible confusion during operations and with tapes media management “Foreign” media could be overwritten by mistake Confusion during disaster recovery is not good

Focus area #2: Point-in-time snapshots on disk PIT snapshot capabilities and coverage Archiving role of snapshots

Purpose of point-in-time snapshots Disaster recovery Data versioning Software/system testing Backup processing Archiving (WORM)

Snapshots for archiving One time write (or copy) Full snap, not partial Secondary storage ATA or SATA disk drives Can be powered off Keeps data from being overwritten Quarterly operations

Final thoughts on meeting regulatory requirements 4 extra copy cycles per year Look for things that fall through the cracks Integrate with other migration/expiration cycles and policies Redundant copies of all archives are required Tape copies should suffice Backup coverage not Media/devices should be exercised yearly