Four Tips to Economically, Effectively and Efficiently Meet Today's Complex Mix of Compliance Requirements

Most organizations already have more than enough on their plates in terms of simply trying to meet the day-to-day demands of their business. So the last thing many have time to deal with is the complex mix of both pre-existing and emerging regulations that govern how they access, maintain, retain and secure their records. Yet respond to these demands they must. Doing so begins by following four tips so they may address these concerns in an economical, efficient and effective fashion.

Compliance is the new reality for ALL businesses regardless of their size with almost no limits as to how far it reaches into their business. How they account for assets, how long they retain employee information and even how well they respond to litigation holds are just some of the new realities of doing business in today's world. About the only aspect that varies from business to business are the laws to which they are subject and how they must comply.

For instance, accountants that work for public firms are subject to the Security and Exchange Commission's (SEC) more stringent accounting standards and must quarterly file income reports to its EDGAR online database. All accountants, whether they work for public or private businesses, must submit quarterly records of taxable earnings to the Internal Revenue Service (IRS) and maintain accurate Social Security information on all employees.

Physicians have a different set of compliance requirements. While exempt from SEC reporting requirements, they must comply with the IRS as well as a growing number of compliance requirements issued by Health and Human Services (HHS). These "voluntary" requirements are intended to help physicians minimize billing mistakes as well as document they not violating self-referral and anti-kickback statutes.

Failure to implement these "voluntary" rules comes with an ominous overtone. If they fail to implement them, it increases their chances of an audit by the Centers for Medicare and Medicaid Services (CMS) or the Office of Inspector General (OIG).

Another set of regulations to which many businesses must adhere are the Payment Card Industry Data Security Standards (PCI DSS). These rules are applicable to all businesses that accept credit cards and govern how they must store and manage credit card information. Failure to comply with regulations could result in lawsuits, payment card issuer fines and even government fines.

Finally, all businesses must at least be prepared for the possibility of a lawsuit. 73% of companies reported having a lawsuit filed against them in 2011 which was actually a decrease of 2% from 2010. Further, this same survey also found that 40% of responding companies were subject to regulatory action and 46% reporting doing internal investigations. This represented a 3% increase from 2010.

So the question facing businesses today is not, "Are there laws to which my business must comply?" Rather, it is, "How do I prepare my business now so it is prepared to economically, efficiently and effectively comply with these various regulations?"

No silver bullet exists that enables businesses to magically meet all of these different regulations to which they are subject. However there are four (4) tips they may follow and technologies they may implement that make complying with them easier, faster and cheaper to accomplish.

1. Identify a multi-purpose technology that maps to current budget allocations. Businesses continually need to "do more with less" but that approach only works if they put technologies in place that enable them to achieve that objective. To do so, the technology minimally needs to first meet the existing operational needs of the business while also preparing it to meet these new compliance requirements.

While there are many technology directions one may go, data storage is a good starting point. Most businesses already have a budget for hardware to store backup and production data so there is no need to try to create a new budget category. However these storage solutions are typically intended to address a single challenge. What they instead need is a storage solution that may be used in multiple roles.

Removable Disk Technology (RDX) and storage solutions built on it are prime examples of this multi-purpose technology that they need. Using storage solutions built on RDX technology such Imation's DataGuard and InfiniVault products, businesses still get the storage capacity and performance that they need to store their backup or production data while affording them the options they need to satisfy their various and changing compliance requirements. Using these RDX-based solutions, they may archive data to different tiers of storage, secure it, store it offline and even move it offsite. 

2. Provides a disaster recovery (DR) component. No business is immune from disasters. This may be brought on by more isolated incidents such as data corruption, human errors or system failures or they may be more wide spread resulting from power outages or natural disasters. Regardless of the cause, the greater risk that businesses run is the inability to recover from a disaster. 

Disaster recovery plans are already required of businesses subject to SEC and HIPAA (Health Insurance Portability and Accountability Act) regulations with other agencies likely to follow suit with similar rules sooner or later. As such, it behooves businesses to choose a solution that at least puts them on a path to providing DR if it does not do so immediately.

Solutions based on RDX technology provide just such an answer. RDX solutions such as InfiniVault and DataGuard may create at least two copies of data so businesses may recover either locally or remotely depending on the scope and nature of the disaster. Equally important, these solutions may be deployed in a manner to which businesses are accustomed. InfiniVault may be deployed as a file server into an existing IT environment while DataGuard is deployed as a backup target. 

Once deployed, either one may create multiple copies of data on multiple RDX cartridges. One RDX cartridge may be kept online for production data, another cartridge with a copy of data may be kept locally and potentially a third cartridge with another copy of data may be offsite. Businesses may even optionally use DataGuard and InfiniVault to replicate data offsite. 

Adding to the appeal of these solutions, they both make data recoveries fairly straightforward. In some cases, recoveries may be as simple as inserting an RDX cartridge into the DataGuard or InfiniVault which may then immediately access and use data on the cartridge.

3. Uses storage cost-effectively. A growing concern for businesses today is the operational costs associated with IT such as power, heating and cooling that are quickly overtaking IT's upfront capital costs. These operational costs become even more problematic when viewed in the context of compliance.

Satisfying most compliance mandates typically only requires that businesses be able to quickly access their data. However the requirement is rarely if ever that the data be "online." This had important ramifications in terms of the type of storage media that may be used to house this data. RDX-based solutions such as the Imation DataGuard and InfiniVault address these concerns on two fronts. 

First, businesses minimize their upfront capital costs by only needing to acquire as much storage capacity as they need to store the data that they have today and then scale up as needed.  RDX cartridges are available in cartridge size ranging from 146 GB to 1 TB which frees businesses to buy more storage capacity as they need it, in the amount that they need it and at a price point they can afford. Further, since storage costs are continually dropping, they may be able to acquire more storage capacity at a lower price point later on.

Second, businesses only need to keep online the RDX cartridges that they need for production. Other data that is needed to satisfy compliance requirements but not needed on a day-to-day basis may be stored on RDX cartridges that are in a near-line state. In this condition, they are powered off though may be powered on in seconds. In this way, all data remains accessible, searchable and retrievable even as businesses keep their operational costs under control.

4. Flexibility to use file server and/or backup solution as an archive. Businesses like simple and keeping all of their archival data on their file server or backup target is simple for them to understand and practical to implement. The issue becomes managing it when either the file server and/or backup target fills up or they need to upgrade to a newer solution.

RDX-based solutions such as the Imation DataGuard and InfiniVault solutions address these concerns. Since RDX technology is removable as well as backward and forward compatible, new, large capacity RDX cartridges may be added into either the DataGuard or InfiniVault so they theoretically will never run out of capacity.

Their use of RDX also facilitates the transition of data from one generation of product to the next. Rather than a painful, time-consuming data migration, RDX cartridges may be simply moved from the old generation of product to the new one. This makes upgrades essentially plug-n-play operations, lowers upgrade costs since they may continue to use the RDX cartridges in the new solution and 

Maybe most importantly, they do not need to re-create data management policies on the new solution. As data management policies typically outlive the underlying technology on which they were created, as businesses upgrade the hardware and move data into it, the same data retention policies stay in force. In this way, even if they physically move all new data into the new solution by means of the RDX cartridges, the policies will ensure they only retain what they are legally obligated to keep.

Whether businesses like it or not, compliance is a harsh reality of operating in today's world and for which all size businesses must provide an answer. However to date an easy to implement and manage solution has not really existed that deliver on the tips presented here.

Imation's RDX-based DataGuard and InfiniVault storage solutions change that scenario. They provide businesses with the type of storage solutions they need that fit within their existing budgets, satisfy their operational requirement and add the needed new flexibility to meet their existing and emerging compliance requirements.

Independently or together, these Imation storage solutions give businesses for the first time more reasons than ever to believe that achieving compliance is more than just a good idea. It can be a reality.