When it comes to compliance, those working within heavily regulated industries are well accustomed to the constant introduction and updating of new legal rulings. Thankfully, technology keeps evolving in support of businesses to help make meeting these requirements an achievable and even streamlined process.
Companies have a responsibility to keep accurate records of their communications and data, making sure that they are searchable, accessible, and compliant with the most up-to-date legal requirements. Record managers and professionals in heavily regulated professions and sectors, such as government, healthcare, and CPG, must therefore keep up to speed with the best practices for implementing modern technology to ensure compliance needs are met.
Knowledge is power, and in this article, we’ll provide a deep dive into one essential aspect of data technology: WORM storage.
What Is WORM Storage?
WORM is an acronym for the phrase “Write Once, Read Many.” It describes a particular way that an organization can manage its data storage, and this method will often be required in order to obtain compliance with industry regulations. WORM storage ensures that once an organization stores a piece of data, it cannot be altered. This helps keep data in an authentic and protected state for preservation.
To leverage WORM storage, companies need to implement a system that doesn’t allow for data alteration or erasure. At the same time, this data must be easily accessible and readable. WORM storage technology protects businesses from many problematic data incidents, such as data being mistakenly deleted or modified, and makes sure they are compliant with recordkeeping standards from regulators.
The evolution of modern WORM drives predates CD-R and DVD-R technology. The earliest iteration of this storage came in the form of cartridges that contained an optical layer which could physically only be written on once.
Modern-day WORM-compliant storage has benefitted from the evolution of cloud-based technology, enabling a higher level of protection and practicality. Rather than relying on physical records, today, WORM storage in the cloud offers total data protection, preservation, and accessibility. Data stored is completely immutable – no changes can be made, and although a file can be accessed and read as many times as is required, it cannot be overwritten or deleted.
What are the main benefits of WORM Storage?
WORM technology protects companies from many of the issues that can commonly arise around data corruption and loss. The main benefits involved in implementing WORM storage include:
Compliance with Industry Regulations
Leveraging WORM storage helps to ensure that companies are compliant with recordkeeping standards and regulations. Simply archiving data is not enough. Businesses must have their data saved in the correct, unalterable format to meet legal standards and avoid severe fines and penalties. Failure to comply can be costly, with companies such as Wells Fargo Securities, RBC Capital Markets, RBS Securities and SunTrust Robinson Humphrey being fined up to $4 million for non-compliance.
Mitigation of Risks Associated with Poorly Archived Data
Companies must have a proper system to archive all data. If information is requested, as the result of an audit or litigation, and the necessary data has been lost or corrupted, problems (and penalties) will ensue.
Better Information Security
WORM storage protects valuable and sensitive data and, more importantly, prevents it from being doctored or edited. It protects against incidents such as data being accidentally or intentionally modified.
Better Data Governance
WORM storage helps support the modern business-wide practice of methodical and well-considered data governance. It also allows you to better follow the Electronic Discovery Reference Model (EDRM), a model that outlines the stages of the eDiscovery process during an investigation.
Which Industries Benefit from WORM Storage?
While WORM storage can benefit a wide range of sectors, for many heavily regulated industries, it’s a non-negotiable necessity. The financial sector, for example, must use WORM-compliant storage to meet Securities and Exchange Commission rule 17a-4, which requires the use of WORM storage to ensure data protection.
The healthcare industry also uses WORM storage to meet medical-record retention and time requirements, with HIPAA requiring healthcare providers to retain all documents related to their dealings for at least six years.
Companies that accept credit card payments also require WORM storage technology to meet PCI-DSS compliance requirements. PCI-DSS requires that companies protect and store personal and financial information to avoid tampering.
Some of the key regulators that require the use of WORM storage are:
- SEC and FINRA – Electronic records must be preserved in a WORM compliant format for six years and with immediate accessibility for the first two years.
- NARA – NARA mandates organizations have an archiving solution, such as WORM, to prevent unauthorized access, modification, or deletion of data.
- MiFID II – MiFID II requires EU companies to use WORM technology to archive electronic records (including SMS and voice calls) for up to seven years.
- FCA (in the UK) – Companies are requested to store SMS and voice calls in WORM storage.
How To Ensure WORM Storage Compliance
Each industry regulator will have its own specific set of stipulations and standards regarding WORM storage compliance. As a result, when it comes to the exact specifics, it’s important to ensure you have a firm grasp of exactly what applies to your own industry.
Physical and device-based storage carries a significant risk to companies in the long run. These types of storage are more vulnerable to destruction, loss, theft, and modification. Keeping a high volume of documents and files is time-consuming and costly. Firms that are serious about their data integrity and compliance will move towards cloud-based compliant storage.
Cloud-based WORM storage reduces on-site storage, protects data from destruction or theft, and can be automated, so it is easier to implement in your daily operations and free from any risk of human error. Companies will also find it easier to locate and produce records of ESI on demand.
Pagefreezer enables cloud-based, WORM-compliant data storage as part of an easy and streamlined process. Data is automatically collected in real-time from a wide range of sources (including text messages, voice calls, email and other types of mobile content) and stored in a WORM-compliant medium.
How Pagefreezer Helps Compliance with FINRA/SEC Rule 17a-4(f) and WORM Storage Requirements
Pagefreezer helps companies operating within the financial sector to meet the specific compliance requirements of their sector. The financial industry constantly deals with a large volume of private data, such as account numbers, bank statements, card data, etc.
As a result, the industry has to follow WORM storage requirements managed by regulatory authorities such as the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA), as outlined in rule 17a-4(f).
Pagefreezer helps financial institutions meet these specific archiving requirements. This is achieved in a number of ways, including:
- A private Ceph data storage cluster that is WORM configured with two storage nodes (with the data replicated on both nodes).
- Data integrity and authenticity verified by calculating a hash value and placing a digital signature on each data object to confirm authenticity.
- Built-in bit-rot detection of the Ceph data storage cluster, which automatically verifies the quality and accuracy of the data.
- VEEAM backup software solution to write data to WORM tape storage. VEEAM performs a data integrity check when exporting on tape; the writing process is committed when the software finds a perfect match between the data, metadata, and file descriptors on the data source and destination (WORM tape).
- Advanced security features such as a secure shell, integrated firewall, RBAC/IAM access controls, AES-256 server-side encryption for data at rest, and SSL for data in transit.
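The write-once behaviour, retention period and hash-plus-signature integrity check described in this article can be modelled in a few lines. This is an added example, not Pagefreezer's code: `WormStore` and `WormViolation` are hypothetical names, the store is in-memory, and an HMAC stands in for the digital signature so the block runs with the Python standard library only.

```python
import hashlib, hmac, json

class WormViolation(Exception):
    """Raised when a write-once or retention rule would be broken."""

class WormStore:
    """Hypothetical in-memory model; names here are illustrative only."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self._objects = {}  # name -> (data, sha256_hex, tag_hex, retain_until)

    def _tag(self, name, digest, retain_until):
        # HMAC stands in for the digital signature; it binds the name, the
        # content hash and the retention date together.
        msg = json.dumps([name, digest, retain_until]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def put(self, name, data: bytes, retain_until: int) -> str:
        if name in self._objects:
            raise WormViolation(f"{name}: already written, overwrite refused")
        digest = hashlib.sha256(data).hexdigest()
        tag = self._tag(name, digest, retain_until)
        self._objects[name] = (bytes(data), digest, tag, retain_until)
        return digest

    def read(self, name) -> bytes:  # reads are unlimited
        return self._objects[name][0]

    def delete(self, name, now: int) -> None:
        if now < self._objects[name][3]:
            raise WormViolation(f"{name}: retention period has not expired")
        del self._objects[name]

    def verify(self, name) -> bool:
        data, digest, tag, retain_until = self._objects[name]
        if hashlib.sha256(data).hexdigest() != digest:
            return False  # content changed (tampering or bit rot)
        return hmac.compare_digest(tag, self._tag(name, digest, retain_until))

def demo():
    store = WormStore(b"constructed-demo-key")  # constructed sample key
    store.put("sms-0001", b"constructed sample message", retain_until=2000)
    refused = []
    for action in (lambda: store.put("sms-0001", b"edited", 2000),
                   lambda: store.delete("sms-0001", now=1000)):
        try:
            action()
        except WormViolation:
            refused.append(True)
    intact = store.verify("sms-0001")
    # Simulate corruption underneath the store's API, then re-verify.
    store._objects["sms-0001"] = (b"corrupted",) + store._objects["sms-0001"][1:]
    return refused, intact, store.verify("sms-0001")
```

Because the tag covers the retention date as well as the content hash, shortening an object's retention period in the stored metadata also fails verification.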
As standard security practice, Pagefreezer stores duplicate copies of customer data on our WORM cloud storage environment. For additional peace of mind, a third copy can be stored on WORM backup tapes (which can then be retained for a set retention period).
Time to Dive Down the WORM Hole...
As technology evolves to meet rising standards, businesses must keep pace with modern compliance requirements. Companies produce a large volume of data every day, which is increasingly likely to be requested as the result of litigation or audit procedures. The consequences of failing to meet compliance requests are severe, and companies are vulnerable to high penalties and costly fines.
The growing amount of data generated by businesses (in a wide range of formats, including SMS and team collaboration tools) means that an automated software-based solution is the most practical and secure method of keeping on top of compliance requirements. As companies need to retain records for up to 6 years, this also tends to be the most practical approach in terms of physical limitations and time management.
Pagefreezer is an automated record-keeping solution that complies with all rules and regulations, providing the security of WORM storage, streamlining the eDiscovery process and facilitating data archiving from all sources.
To learn more about WORM storage obligations, read “Understand FINRA/SEC Rule 17a-4(f) and WORM Storage Requirements.”