Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IBM and the Sarbanes-Oxley Act of 2002

IBM's TotalStorage Data Retention 450 embeds Tivoli Storage Manager for Data Retention on IBM's own eServer p615, in a secure cabinet. The 450 comes with tape-drive support for either the 3590 or LTO (Linear Tape Open) product family. It aims to protect data integrity and enforce retention policies. Policy-based retention rules let enterprises keep data forever or for a set time. Upon an event or expiration date, data can be automatically archived or destroyed. The product even has a handy "hold" button to interrupt policy enforcement and retain all data if an official investigation or civil litigation is threatened.

This all seems like a sound approach to data retention. But you need more than a retention plan to comply with laws like Sarbox and HIPAA (Health Insurance Portability and Accountability Act). You also must limit access to records by user, group or role and leave an audit trail of all activity. For that, you must add a documents- or records-management product such as IBM's E-Records Manager, on top of spending $150,000 or so for the 450, to achieve a complete solution.

Post a comment or question on this story.