No matter what your compliance needs, you need to consider certain things when evaluating storage for regulatory-compliance purposes. I've found these steps helpful to follow in designing a storage compliance strategy.
- Determine what regulations affect corporate storage needs.
- Assess whether storage needs and compliance requirements affect the entire company or just specific business units.
- Determine what, if any, data-retention requirements your company must comply with.
- Verify whether your company must meet specific site-storage requirements. Evaluate what type of storage devices best serve the retention needs.
- Determine what, if any, requirements exist for data security (above and beyond normal corporate practice).
- Decide whether you can extend existing storage security to meet the regulatory requirements.
- Look for a comprehensive solution that meets compliance needs instead of jerry-rigging a piecemeal solution. For example, there are Value Added Resellers (VARs) who specialize in vertical markets and produce solutions that combine backup, storage, and management specifically to meet particular compliance needs.
- Implement storage policies and procedures that enable your organization to meet regulatory-compliance requirements.