Meeting the requirements of the Sarbanes-Oxley Act
As I recall, the first optical discs became available in the fall of 1984. I was working for Sony at the time, and one of the engineers from Japan visited our office in New Jersey. “Bob”, he said, “Do you want to sell WORM in the US?” I looked at him kind of funny and said, “We don’t eat worms in this country”. “Oh no Bob-san, not worms, Write Once Read Many – W, O, R, M. This is optical disc”. This was my first introduction to optical storage. The technology has improved dramatically over the years and the market for the product has grown. Today optical disc systems are starting to replace tape libraries. The cost per megabyte is about the same, but optical storage is archival while tape is not.
As I recall, the first optical discs became available in the fall of 1984. I was working for Sony at the time, and one of the engineers from Japan visited our office in New Jersey. “Bob”, he said, “Do you want to sell WORM in the US?” I looked at him kind of funny and said, “We don’t eat worms in this country”. “Oh no Bob-san, not worms, Write Once Read Many – W, O, R, M. This is optical disc”. This was my first introduction to optical storage. The technology has improved dramatically over the years and the market for the product has grown. Today optical disc systems are starting to replace tape libraries. The cost per megabyte is about the same, but optical storage is archival while tape is not.
There are many reasons to archive corporate and government information. For example, the Sarbanes-Oxley Act of 2002 defines regulations for saving information. Here is a summary of some of the reasons for using optical jukeboxes to meet these requirements:
Companies and public entities must retain records for a variety of reasons:
- To comply with laws and regulations that mandate records retention,
- To retain the “corporate memory” of activities and events that may be required to meet ongoing business and historical needs, and
- To provide evidence in the event of an investigation or lawsuit in both regulated and nonregulated industries.
Increasingly, electronic records are defined in laws and regulations as being equal to traditional paper and micrographic records. This legal and regulatory evolution is recognition that the great majority of contemporary fixed content business and public records are now “born” electronic or converted to an electronic format. A second factor is that the volume of this fixed-content or “reference” information is growing at 50-80% or so per year – a growth that is well beyond the ability of an ever-expanding number of organizations to continue relying on manual intensive paper and micrographic formats as official records.
The majority of electronic fixed-content and reference records (like their non-electronic predecessors) must be retained in accordance with legal and regulatory requirements as well as for business needs. The risks of improper retention and management of records has grown substantially, especially after the the Sarbanes-Oxley Act of 2002 that embody penalties consisting of greater fines and jail terms.
Optical disk storage, like all forms of digital storage has a very important role in establishing and maintaining the accuracy, reliability and trustworthiness of electronic records. To date, optical disk storage has achieved this without any known legal exceptions. The durability, robustness, removability, longevity (including backward read compatibility) and flexibility of access (in near-line, off-line and selected on-line applications) suggest that optical disk storage will continue to play an important role for archiving electronic records in a trustworthy manner.
The Risk and Cost
The risk and cost of not retaining records in a trustworthy and readily accessible manner can be substantial, as shown by these relatively recent examples:
- A major company was fined $1,000,000 by the court, which found repetitive instances where employees had destroyed records in defiance of a court ordered Records Hold relating to current litigation.
- Five Wall Street brokerage firms were fined a total of $8,250,000 because they had “inadequate procedures and systems to retain and make accessible e-mail communications.”
- Arthur Andersen & Company literally “paid with its life” for the illegal destruction of records –- both paper and electronic – in the face of a pending regulatory investigation.
- When a record is offered as evidence in any formal legal or regulatory proceeding, it needs to be able to pass two tests:
- Admissibility – should the record be admitted as evidence into the proceeding at hand, and
- Credibility – is the weight ascribed to the record’s contents by the respective parties in a litigation or regulatory investigation.
- Thus, even if a record meets the test of admissibility in evidence, the content and context of the record, as well as the process by which the record was stored and managed, can be challenged in the course of a legal or regulatory proceeding.
Summary of Requirements:
Laws and regulations stipulate one or more of the following three methods for protecting the integrity of records:
- Establishment of a basic set of requirements that must be met for the full retention period of the record:
- The integrity of the record must be protected;
- Accessibility to the records must be provided; and,
- In some instances, an audit trail of events related to the record must be kept;
- Delineation of a system of controls that are designed to protect a record’s integrity as well as provide accessibility and accountability (audit trail) for the full retention period; and
- Employ a media technology that inherently protects against alteration and deletion, e.g., non-rewriteable and non-erasable or WORM. Cartridge-based, 5¼ inch Blu-ray optical disk technology provides an important set of attributes that support the requirements established by these laws and regulations, as well as supporting overall good practices for managing electronic records:
- A durable medium – designed to be relatively impervious to environmental contaminants and housed in a robust, fully encased cartridge.
- Non-rewriteable and non-erasable storage – offering protection of the electronic record at the lowest level of the chain of trust – the media and storage management components.
- Removeability – offering solutions for inactive, archival and, in certain cases, active access requirements, and making it particularly well suited for creating and retaining disaster copies of electronic records.
- Media longevity – the longest shelf life of any digital media.
- Backward read compatibility – a history of successfully providing the ability to read older media generations with newer write/read drive generations. In turn, this potentially reduces the number of migrations which then reduces the risk of record alteration or loss. Due to the explosive growth of electronic records, the mandate for trustworthy storage and management of electronic records is greater than ever before.
Each user organization must have a solid and comprehensive plan for managing electronic records, including up-to-date retention schedules. Every application should be evaluated based on its requirements for protecting the integrity, accessibility and retention life of the electronic records being created, received and stored. Industries and applications with higher risks for litigation or regulatory investigation (or both) must be extra diligent in establishing a chain of trust that inherently and obviously protects electronic records from alteration and premature deletion.
While there will undoubtedly be an increasing number of application, file management and digital storage solutions offered in the quest to address the explosive growth and expanding requirements for managing electronic fixed-content and reference records, cartridge-based, 5¼ inch WORM optical disk storage and DVD recordable discs will continue to play an important role in establishing a storage environment that is accurate, reliable and trustworthy.
If you would like to explore the optical jukeboxes available, please contact us. We can be reached at 1-800-431-1658 (in the USA) or 914-944-3425 (everywhere else).