By Mike Talon
Legislation can have a direct impact on disaster recovery and high availability systems. Other sources of regulation that may impact IT are organizations include the Federal Deposit Insurance Corporation (FDIC) and the Securities Exchange Commission (SEC). While their rules govern companies only in the United States, there are similar regulatory bodies in other countries.
The FDIC regulates banking and financial institutions and sets forth the rules and regulations that they must adhere to in order to maintain federal insurance on their deposits and other accounts.
Since consumer confidence is tied to the protection of deposit accounts, organizations don't want to lose FDIC protection due to failure to follow the rules. The FDIC rules currently mandate that an offsite back up of all accounts and reporting data is maintained at all times. At the minimum, this requires daily tape backups that are shipped to offsite storage on a regular basis.
Creating daily tape backups meets the requirements, but it doesn't address how to quickly restore the data. The tapes are housed in a location that most likely doesn't contain a restore methodology, and it could literally take days to recall the tapes back to your production facility to perform a restore.
There are other methods for getting the data to a nonproduction location that still allow you to meet the regulations and keep your FDIC insurance intact. These solutions include replications systems and mirroring software/hardware.
The SEC also has regulations that mandate the offsite storage of backup data. However, if a securities company fails to meet SEC regulations, it can lose its ability to stay in business. Furthermore, if an organization doesn't come into compliance with SEC regulations, the SEC can impart large fines and keep delinquent firms from doing business on financial exchanges.
New SEC regulations may mandate more strict backup and recovery procedures, requiring organizations to save data on a better than once-per-day backup schedule and to restore the data quickly. Once these regulations go into effect (there's no definitive time table yet), your business will need to get into compliance within the grace period determined by the SEC.
Finally, you can use these regulations to gain funding and create projects to meet and/or exceed your current DR and HA systems. Regulations directly impact your organization's ability to do business, and so they can be used for positive budget justification during the DR and HA planning process.
While most regulations specifically address DR, it's long and tiring work to wade through the numerous binders of information to find the key paragraphs you need. However, keep in mind that it may result in a larger budget and a much more complete project to properly protect your organization.
Mike Talon is an IT consultant and freelance journalist who has worked for both traditional businesses and dot-com startups.