The law, your company and its knowledge capital
In SA, over the past couple of years, a raft of new laws have been promulgated which strive to improve corporate governance and ensure greater levels of accountability and responsiveness from business.
Amit Parbhucharan, technology marketing director at Channel Data, looks at how companies can navigate the legal minefield and secure valuable corporate data and realise return on investment at the same time.
A raft of new laws have been promulgated which strive to improve good corporate governance models and ensure a greater level of accountability and responsiveness from businesses in SA.
These include the Electronic Communications and Transaction Act (ECT), the Promotion of Access to Information Act (PROATIA), the Regulation of Interception of Communication and Provision of Communication-related Information Act (RIC), the Financial Advisory and Intermediary Services Act (FAIS), and the Financial Intelligence Centre Act (FICA).
The challenge facing organisations today is how to work within the framework of these laws to harness and improve corporate information quality and its value for decision-making.
These laws have compounded the need for the protection and archiving of critical data. They have also highlighted the importance of the "information repository" or "knowledge capital base" of an organisation.
As this knowledge capital becomes more valuable, so it attracts more complementary data - which will subsequently lead to increased vulnerability to loss through human error, technical instability and even industrial espionage.
The challenges have been exacerbated by the explosion in the use of laptop computers and surging e-mail collaboration.
Organisations, in their efforts to mobilise their workforces and increase productivity, have - inadvertently - opened the door to many of the enemies of regulatory compliance and good corporate governance.
The simple answer, according to many organisations, is to increase awareness of new regulatory compliance around the management and storage of data and encourage the delivery of timely, consistent and reliable business information on which decisions can be based.
All well and good, but it is concerning to note that this has been identified as an objective for the IT department alone.
The reason, one assumes, centres on a lack of understanding by senior corporate executives, not only of the legislation and its implications, but of the costs and complexities relating to compliance.
So, the more realistic answer is to converge the worlds of IT and business and, at the same time, demystify the technical aspects of enterprise-wide data management, storage and recovery.
Easier said than done. But once achieved, critical data and system/application layers can be assigned levels of protection and availability, based on user identity, the nature of the data and the specific business application involved.
Importantly, the levels of business value derived from this data will also have been identified, the IT investment optimised, and the laws of the land adhered to.
According to industry watchers, companies that move in this direction are most likely to realise a number of spin-off benefits - such as a better understanding of IT's role in business, improved risk management, better business decision-making (thanks to higher quality data and more timely information) and more effective and efficient operational planning and execution.
Significantly, a greater alignment of business imperatives within assigned IT projects will also be realised. These include:
* A more complete understanding of asset protection
* The implementation of more effective data recovery strategies
* Increased availability of application services
* Longevity of data (within the framework of good corporate governance)
* The management of e-mail growth and archive processing (also within the framework of regulatory compliance)
* The ability to securely "un-wire" the enterprise to embrace wireless technologies, mobility and information protection - through the increased use of laptop computers
In order to achieve these objectives, it is necessary for companies to develop a matrix for all data and system/application usage against a backdrop of business and operational processes.
Executives must state and measure the value, in financial and perceived financial terms, of the benefits this process brings. They should note the impacts, net losses and other implications that accrue if specific data cannot be accessed or used.
Once a matrix has been developed it will support the establishment of Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for data assets.
This will help build a recovery solution, using modern techniques and products, that is more appropriately aligned to business requirements.
RTO asks the following questions:
* How long do you have to recover the data?
* How long can the system do without the data?
* How long can the business/operational process survive without the data?
* How current must the data be?
* How old can the data be for the system to be valid?
* How backdated can the data be for the business/operational process to survive, considering data re-entry and the dependent systems and processes fed by this data?
The above represent the first, most crucial, steps toward a complete storage protection strategy. After all, what good is any IT infrastructure without a foundation built on proven methodologies and steps that work?