No matter what your compliance needs, you need to consider certain things when evaluating storage for regulatory-compliance purposes. I've found these steps helpful to follow in designing a storage compliance strategy.

  1. Determine what regulations affect corporate storage needs.
  2. Assess whether storage needs and compliance requirements affect the entire company or just specific business units.
  3. Determine what, if any, data-retention requirements your company must comply with.
  4. Verify whether your company must meet specific site-storage requirements. Evaluate what type of storage devices best serve the retention needs.
  5. Determine what, if any, requirements exist for data security (above and beyond normal corporate practice).
  6. Decide whether you can extend existing storage security to meet the regulatory requirements.
  7. Look for a comprehensive solution that meets compliance needs instead of jerry-rigging a piecemeal solution. For example, there are Value Added Resellers (VARs) who specialize in vertical markets and produce solutions that combine backup, storage, and management specifically to meet particular compliance needs.
  8. Implement storage policies and procedures that enable your organization to meet regulatory-compliance requirements.