ITIL – Compliance Considerations
May 19, 2010
Compliance now impacts all companies, including the requirements of the European Payments Council (EPC).
Information must be retained
Information must be secure
Information must be retrievable
Information must be handled properly
Evidence of compliance must be demonstrated
Industry-specific drivers
Health Care: HIPAA
Pharmaceutical: 21 CFR Part 11
Financial/Securities: SEC 17a-3/4, Gramm-Leach-Bliley Act, numerous NYSE, NASD, and state regulations
Sarbanes-Oxley
Numerous state regulations, e.g. California SB 1386
Payment cards: PCI DSS
Email is the most commonly-requested data type for compliance
Keys to Archiving Success
Get executive sponsorship beyond the IT team
Ensures the alignment of the program's objectives with mandated legal and regulatory requirements
Ensures alignment of business units with IT
Ensures alignment with client’s risk management, compliance management, and legal departments
Focus on industry requirements and approved standards
Correlate the program's plans, policies, and SOPs to:
Current COBIT (Control Objectives for Information and Related Technology) guidelines published by ISACA (Information Systems Audit and Control Association), widely used as the control framework for SOX (Sarbanes-Oxley) compliance
ITIL (Information Technology Infrastructure Library) best-practice domains
Start with well-understood applications and solutions