| Clients ask me that question everyday. I wish there | | | | storage, less valuable data can reside on less |
| was a one-size fits all answer. Unfortunately, data | | | | expensive disks. |
| retention policies are not that simple. They are | | | | Many businesses embrace data classification as a |
| directly dependent upon the specific data and | | | | means of mitigating legal risk and meeting |
| applications. Add in the complications of regulatory | | | | government compliance demands. Other companies |
| requirements, and data retention becomes a problem, | | | | experience a more fundamental need to know what |
| which needs a custom solution. | | | | data is available and where it is located in their |
| Businesses must ask the following questions: What | | | | storage architecture. |
| data should be kept and for how long? What are the | | | | Again, each business determines what data is |
| best ways to evaluate what data is important to | | | | important to its needs and implements the most |
| keep? How do you identify and categorize data that | | | | efficient policy to retain that data. |
| is mission critical, business critical and operationally | | | | How do you categorize the different types of data |
| important? | | | | that is important to your company? |
| Answers will of course vary by business. One thing is | | | | Breaking down our data analysis further, we can |
| certain: human input will form a data protection policy, | | | | explore data that is business critical, mission critical |
| not computer software and hardware. Data | | | | and operationally important. |
| protection is a team project. IT executives, | | | | Business critical data: This is information or recorded |
| accounting and operational personnel must work | | | | data stored that is crucial to the existence of the |
| together to develop the right plan. That lends | | | | business or organization as a whole. In other words, |
| integrity to the entire data retention process. | | | | the data stored can make or break the business. |
| Most businesses fall short in their data retention | | | | These business-critical records come in many forms, |
| policies and procedures. A recent survey by Cohasset | | | | from high-profile financial reports to the simplest |
| Associates Inc. indicated that 76 percent of the | | | | Microsoft Excel and Word documents. |
| respondents believed that improvements are | | | | For example, companies use Excel for the reporting |
| necessary to their data-retention management | | | | and analysis of corporate data. A purchasing |
| program. | | | | department must compile and organize hundreds of |
| According to the survey, many businesses do not | | | | contracts with different renewal dates. More than |
| plan enough to create a quality data protection policy. | | | | one person checks a centrally held spreadsheet. For |
| To lay a solid foundation and keep pace with the | | | | compliance reasons, companies must retain and |
| growing trend of data retention policies, the chief | | | | archive these live, dynamic documents. |
| information officer (CIO) of any business must | | | | Security of such business critical data is paramount. |
| answer those important questions mentioned before: | | | | Organizations must develop a security plan for |
| What data should be kept and for how long? | | | | off-site storage of its business critical data, such as |
| The best practice is developing a classification | | | | an online data storage service. They can offer the |
| process to determine if the data is necessary to | | | | highest levels of encryption and remove human error |
| store. | | | | from the process. |
| This classification process can include input by the | | | | Data loss through accident or malicious damage is so |
| creators of the data and/or an IT committee or an | | | | widespread that off-site backup is now compulsory in |
| executive making the determination. | | | | most sectors. |
| IT executives must determine which records are | | | | Mission critical data: By definition, mission critical refers |
| relevant to business functions before they can | | | | to any procedure which is crucial to the successful |
| identify the data that must be stored. These records | | | | completion of a project. The storage of this data is |
| can include documents, journals and e-mails. | | | | vital to the success of a project. |
| Recent research indicates that Web users exchange | | | | Therefore, mission critical data is important in terms |
| 36.2 billion e-mails a day. Businesses often use e-mails | | | | of how the data affects the completion of a project |
| within their intranet to exchange business critical | | | | or business operations. |
| information. Instant messaging is also evolving into a | | | | Data storage industry leaders suggest that the most |
| primary means of communication with many | | | | common mission critical data storage issue for |
| businesses, and those messages can include | | | | businesses is separating useful important data from |
| information worth keeping. | | | | information that requires less management. |
| Only data that contains information critical to the | | | | One trap many businesses fall into is storing every |
| functions of the business should have a long-term | | | | piece of data without rhyme or reason. Sometimes |
| retention period. Generally, important business | | | | the staff has the habit of archiving everything. Some |
| documents and contracts should be retained seven | | | | analysts argue that e-mails should not be |
| years or permanently; payroll data three to seven | | | | mission-critical data, while others suggest that e-mails |
| years; and employee records three years. | | | | with important documents attached are certainly |
| Again, this varies depending on how the data | | | | mission critical. |
| retention relates to a business' function. | | | | Customers and inventory are an example of mission |
| What are the best ways to evaluate what data is | | | | critical data. That data should be accessible in |
| important to keep? | | | | real-time to meet the needs of the customers. Any |
| First, businesses must institute a global hierarchical | | | | down time will break down the credibility and |
| data archival and retention management system. This | | | | effectiveness of the business. |
| system controls the technologies and the users | | | | The bottom line is that companies must execute a |
| involved. When creating policies, businesses must | | | | disciplined approach to data storage. That means |
| follow corporate mandates to meet all requirements. | | | | deciding what data is most important and allocating |
| Management of this data retention system should | | | | storage spending accordingly. While it is more work, it |
| sort through the requirements of what constitutes | | | | helps an organization in operational effectiveness, risk |
| import data. | | | | reduction and cost avoidance. |
| Establish a manageable set of classifications that can | | | | Operationally important data: Any data that affects |
| suit the entire organization. A business should | | | | the day-to-day operations of a business is |
| approach data classification in small pieces. For | | | | operationally important. Loss of this data can be |
| example, the classification could start with specific | | | | extremely inconvenient, but it does not jeopardize |
| data types, such as backups or e-mail and then | | | | the viability of the company. |
| move to more general categories of company data. | | | | Data retention must be timely, and ensure that |
| If this process is overwhelming, consultants and | | | | useful, quality data is at the fingertips of the user. |
| professional services can help the process. These | | | | For instance, inventory is important to sales. If a |
| agencies cannot determine the true value of the | | | | customer requests 30 pieces of merchandise, it is |
| company's data, but they can ask the meaningful | | | | important to know the availability immediately. |
| questions that will get process going in the right | | | | In summary, these processes have to be reviewed |
| direction. | | | | to manage both the regulatory requirements and the |
| Ironically, in this computer age, evaluating what data | | | | risk associated with the data. You must assess the |
| is important to keep is almost entirely a human | | | | entire technology infrastructure, from the smallest |
| decision-making exercise. Software and hardware | | | | applet to the largest server. |
| products are available to help discover data within the | | | | Companies must continually improve these processes |
| organization. They determine its location, set policies | | | | for reliable audit preparation. This platform must be |
| on that data and measure the adherence to those | | | | scalable to allow technologies, processes and business |
| policies. However, no product has the intelligence | | | | needs to keep pace with new regulations and |
| needed to determine the value of a company's data. | | | | changing market conditions. |
| In terms of hardware devices, storage subsystems | | | | A solid plan for efficient, reliable and secure data |
| can add an indirect benefit to data retention. For | | | | retention must be a priority. Any company that sees |
| example, a tiered storage system may indirectly | | | | it differently is putting itself at risk. |
| support data classification. By influencing the cost of | | | | |