Compliance

BackupVault® helps organisations address both new and existing legislation surrounding data backup, archival and compliance.

Several acts exist in relation to the storage and archival of computer data and the security under which that data is stored.

Whilst this is only one area of compliance, it is essential as part of a complete compliance plan. Our solution is instrumental in meeting many compliance standards. Talk to us today and see how we can help your organisation get compliant.
Depending on your organisation, several acts may be relevant to you.
The chief ones are listed below.

Data Protection Act Ireland

Back-up data are defined in the Data Protection Acts, 1988 & 2003 as being “data kept only for the purpose of replacing other data in the event of their being lost, destroyed or damaged”. In order to come within the definition of ‘back-up data’, data cannot be part of a live system nor can they be used for any purpose other than replacing lost, destroyed or damaged data.

What constitutes lost, destroyed or damaged data?
Data that is either accidentally or deliberately deleted can be considered to be destroyed. Data that can no longer be found may be considered to be lost. Damaged data may result from files being corrupted.
However, a draft of a work-in-progress which is later overwritten is not considered to have been damaged or destroyed unless there is a clear policy of retaining drafts, in which case the draft should not have been overwritten.

What is the purpose of backing-up data?
There is a requirement in the Data Protection Act that adequate measures be taken to prevent the unauthorised destruction or alteration of data.

“appropriate security measures shall be taken against unauthorised access to, or unauthorised alteration, disclosure or destruction of, the data..”

By backing-up data, a data controller/processor is taking steps to recover from such actions. In general, back-ups are most useful in a disaster recovery situation, where there has been a catastrophic system failure resulting in a large-scale, if not total, loss or corruption of data.

For how long should back-up data be held?
This depends on how long after an event it is likely to be discovered that data have been lost, destroyed or damaged. This time period will depend both on the nature of the data and the nature of the organisation processing the data. For most situations, it would not be reasonable to keep more than a small number (ten or less) of back-up tapes. On a daily back-up regime, this would allow for two working weeks in which to discover that data were lost, destroyed or deleted.

“93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster.” (National Archives & Records Administration in Washington)

Security of Personal Data

“Appropriate security measures shall be taken against unauthorised access to, or unauthorised alteration, disclosure or destruction of, the data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.”

The security of personal information is all-important. It will be more significant in some situations than in others, depending on such matters as confidentiality and sensitivity. High standards of security are, nevertheless, essential for all personal information. Both “data controllers” and “data processors” must meet the requirement to keep data secure.

  • Data is encrypted before it leaves your network.
  • Data is transmitted using 256-Bit AES Encryption and Secure Sockets Layer (SSL) technologies.
  • Your data is stored in encrypted format in our Dublin data centre.
  • The facility is secure and requires photo ID and security clearance to access.
  • Data access is logged and time stamped for auditing purposes.
  • Data is stored in an encrypted non-writable format.

See http://www.dataprivacy.ie for further information.

“31% of PC users have lost all of their files due to events beyond their control. 34% of companies fail to test their tape backups, and of those that do, 77% have found tape back-up failures.” (National Archives & Records Administration in Washington)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Health care organizations are required to individually assess their security and privacy requirements and take suitable measures to implement electronic data protection (both in transit and in storage). As proposed, a HIPAA-compliant information system will need to include a combination of administrative procedures, physical safeguards, and technical measures to protect patient information while it is stored and while it is transmitted across communications networks.

How our solution addresses these issues:

  • Data is encrypted before it leaves your network.
  • Data is transmitted using 256-Bit AES Encryption and Secure Sockets Layer (SSL) technologies.
  • Your data is stored in encrypted format in our Dublin data centre.
  • The facility is secure and requires photo ID and security clearance to access.
  • Data access is logged and time stamped for auditing purposes.
  • Data is stored in an encrypted non-writable format.
  • Records can be stored for as long as the customer wishes to retain the data.
  • (Healthcare providers must retain health records (electronic, written and oral) for a minimum of 6 years in accordance with the HIPAA privacy final ruling.)

“60% of companies that lose their data will shut down within 6 months of the disaster. 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately.” (National Archives & Records Administration in Washington)

SEC/NASD Regulations

The Securities and Exchange Commission (SEC) and the National Association of Securities Dealers (NASD) have instituted regulations that demand compliance surrounding the storage of financial records and electronic communications.

Specifically:

  1. “Preserve the records exclusively in a non rewritable, non-erasable format.”
  2. “Verify automatically the quality and accuracy of the storage media recording process.”
  3. “Have the capacity to readily download indexes and records preserved on the electronic storage media to any acceptable medium”
  4. “Store separately from the original a duplicate copy of the record stored on any medium acceptable for the time required”

How our solution addresses these issues:

  • Data is stored in an encrypted non-writable format.
  • All backups are CRC-validated and checksum-validated to ensure accurate storage and notification of backup jobs.
  • All backups are stored with full catalogs and indexes that are time and date stamped.
  • All data remains in the backup vault until it reaches its user-defined retention period, regardless of how many restores are completed.