Critical. Authoritative. Strategic.


CBR is proudly produced & published
by Technews
Issue Date: August 2007

Sloppy digital records preservation lurks unknown in server rooms

16 August 2007

Many companies make backups of their electronic information and store operational data in electronic archives. However, few do this correctly or thoroughly and they are unaware of the resultant legal ramifications, says PAUL MULLON, information governance executive at Metrofile.
There is much South African legislation that requires companies not only to retain records, but preserve them in a responsible manner, with due care to their safety. If those records happen to be electronic, then due care means proper backups, that they are correctly stored, protected and available.
This comes as a result of guidelines, old and new legislation in South Africa. More specifically:
* The Close Corporations Act, number 69 of 1984.

* The Companies Act, number 61 of 1973.

* The Promotion of Access to Information Act.

* The Financial Intelligence Centre Act (FICA).

* The King II report on corporate governance.

* The right of access to records of public bodies.

* The Electronic Communications and Transactions Act (ECT).

* The Financial Advisory and Intermediary Services (FAIS) Act>
The Promotion of Access to Information Act contains a section detailing the right of access to records of public bodies. "A requester must be given access to a record of a public body if certain conditions are met.
If that information is held on a computer system, the Government department has a responsibility to ensure that the information is available, and this means that adequate steps must be taken to protect those systems."
Information stored on an unmarked backup tape or in an uncatalogued digital archive in a dark and chaotic basement will not be available.
Civil servants untrained in the mysterious art of record management will be hard pressed to deliver on government's policies. Mysterious is the correct word. There are few fully trained records managers available and they tend to be headhunted between firms and government departments.
By the same token, if backups are not performed, then the information might readily be lost instead of available. One system error or one power failure could lead to a staggering loss of information and data.
Perhaps backups are conducted regularly but tapes are stored in the server room right next to the systems whose information they contain, or transported off-site in car boots or on back seats to the IT manager's home where they are placed in a cupboard. Those are particularly unsafe practices and officials will frown upon those conducting themselves in that manner.
According to the Companies Act: "When it appears ... that any business of the company was or is being carried on recklessly ... the Court may ... declare that any person who was knowingly a party to the carrying on of the business in the manner aforesaid, shall be personally responsible".
Slightly more subtle, yet equally menacing, the National Archives and Records Services requirements spell it out for government departments:
"Governmental bodies should preserve and care for any item forming part of an electronic records system in such a manner as to ensure that they are not exposed to harm or unauthorised access and under such specific conditions as the National Archivist may prescribe".
It continues with general maintenance guidelines: "Backup the files and documents on disks often. This is the single most important action users can take to ensure that the information they need will be available. The central computer facility staff periodically performs systemwide backups. When users share a microcomputer, or have one on their desks, they must be encouraged to back up their files, preferably after every update. Keep a backup on the other side of a firewall or in an off-site location. Maintain preservation mastersets and store these in a separate location ..."
The guidelines continue and they spell out a number of important issues.
The general tenets remain the same for government and private commerce.
Ensure that the backups are performed according to a schedule. Ensure that the backups are successful. This is crucial. Very often the backups are done regularly but if they are never tested, and have failed, then the result is the same and the backup effort is wasted. Do not haphazardly transport and store backup media.
Failure to do so will result in:
* Loss of control.

* Lack of data protection.

* Lost data.

* Lack of adherence to corporate governance legislation.

* Business continuity being at risk.

* Backups being destroyed in the event of a disaster.

* Risk management spiralling out of control.

* Lack of environmental controls that destroys information.
Companies that perform their own backup and storage seldom take care of all of these risks or develop infrastructure of the necessary calibre because it is too costly and not their area of expertise.
For more information contact Paul Mullon,

Others who read this also read these articles

  • Everything in its place

    A 2006 EMC-sponsored AIIM survey, which investigated the role of ECM in storage decisions, found that larger organisations are aggressively pursuing consolidation and rationalisation of their storage and content archiving strategies

    [ March 2008 ]

  • The art of compliant backup

    New regulations on both sides of the Atlantic, such as the Freedom of Information Act (2000) in the UK or new electronic data retention rules in the US (Federal Rules of Civil Procedure 26, 2006), mean electronic data now needs to be retained for compliance reasons

    [ January 2008 ]

  • MarketWatch: Dell steps up storage with EqualLogic

    The purchase will take Dell into the realm of technology development for the very first time

    [ November 2007 ]

  • Virtualisation grows up

    While the technology is designed to simplify server administration by breaking hardware dependency and creating a pool of processing resources on which software can run, this has a knock-on effect on systems management and monitoring, as well as storage management and back-up

    [ November 2007 ]

  • Throwing a lifeline?

    Although IT budgets overall remain flat, the portion for storage has grown from 13% in 2002, to a 22% average in 2006

    [ November 2007 ]

  • MWeb Business uses Attix5 for backup and restore

    Designed for bandwidth-rare South African conditions, it uses very little capacity by only updating those files which have changed since the previous backup

    [ August 2007 ]

  • Alexander Forbes boosts DR capabilities with DCC and DiData

    Server virtualisation enables Alexander Forbes to manage approximately 200 to 300 servers on just 16 blades

    [ August 2007 ]

  • One-stop storage solutions

    Quantum has the most comprehensive portfolio of disk-based backup and de-duplication/replication solutions, is the no. 1 provider of tape automation, as well as a long-standing leader in tape drives and media

    [ July 2007 ]

Others who read this also read these regulars

Search Site

Search Directory

  • Search for:


Previous Issues