Panel Discussion: “Regulatory compliance -- The effect on information management and the storage industry”

Moderator: Peter Gerr, senior research analyst, Enterprise Storage Group

Panelists:

Jeffrey Plotkin, Securities Attorney, Former SEC Chief Attorney, New York Broker Division

Steve Fike, Senior Technical Specialist, BJC Health Care

Michael Sullivan, Co-founder, Executive Chairman, Steelpoint Technologies

Peter A. Gerr - Analyst
The Enterprise Storage Group, Inc.
http://www.enterprisestoragegroup.com

Regulatory Compliance: The effect on information management and the storage industry

The compliance landscape is a minefield

Rev. Proc 97-22

SEC 17ad-7

Sarbanes-Oxley

21 CFR Part 11

NARA Part 1234

HIPAA

eSign Act

SEC 17a-4

DoD 5015.2

ISO 15489-1

BSI DISC PD 0008:1999

e-Government Interoperability Framework (eGif)

Data Protection Act of 1998

Freedom of Information Act of 2000

Public Records Office

UK Metadata Framework

DICOM

SEC 17a-3

FERC Part 125

NASD 3010

NASD 3110

> 10,000 regulations in US alone

Scope: Compliance with Federal, State, Local regulations

Depth: Industry-specific, Public corporations

Impact: Cost to comply / remediate, Penalties for non-compliance

EPA

DOT

Key considerations for IT professionals

Information is pervasive

• Compliance is another driving force behind the creation, sharing, and retention of more information

• People, processes and technology need to scale as more records are retained

View compliance as both a business and technology discussion

• Companies must evaluate the cost / benefits of digitizing records and online records management

• Enable business process reengineering and mitigate risks of non-compliance and business disruption

Storage technology plays a central role

• Applications drive the business and create the records that are the focus of compliance

• The challenge and opportunity for vendors is that there are myriad technologies and solutions that satisfy compliance regulations

Recurring themes across verticals / industries

Expanding scope of regulations

• Explosive growth in number of “compliant records”

• Increased complexity for IT / increased cost & risk for the business

Efficiencies managing the “lifecycle” of compliant records

• Stringent & diverse privacy, security, & data protection needs

• Different retention / disposition schedules

Requirements for long-term compliant records storage:

• “Discovery” – Can I retrieve / recover it?

• “Legibility” – Can I read it today and tomorrow?

• “Authenticity” – Can I verify it’s the original?

• “Auditability” – Can I provide for 3rd party review?

Compliance impacts the entire organization

Compliant Records

Business Drivers – CEO / CFO

• How do I extract competitive differentiation from my information while also protecting it?

• How do I reduce my technology operating costs and risk while maintaining compliance?

Technology Drivers – CIO / CTO / IT Manager

• How can I reduce my cost of IT while managing growing complexity and capacity?

• How can I best protect and manage my compliant records along with my non-compliant data?

• How do I accomplish all this while delivering the business resilient and consistent IT QoS?

Market Drivers – LoB Managers

Within the context of regulatory compliance, how do I:

• Leverage technology and information to bring products to market faster and at a lower cost?

• Balance the need to comply and manage records appropriately with my need to share information quickly?

Regulatory Drivers – CRO / CCO / Legal Dept*

• What records must I retain and for how long to maintain compliance?

• How do I reduce my technology operating costs and risk while maintaining compliance?

*CRO = Chief Risk Officer; CCO = Chief Compliance Officer

More Danger Ahead….

If you hear the “click”, it’s too late…

React Plan

Thank you!