Back-up blight: Kroll Ontrack reveals major weaknesses in enterprise compliance policies
Despite the fact that most companies believe data recovery is the most important component of a compliance plan, only 50 percent surveyed say it's part of their organization's compliance policy. Regulations such as Sarbanes-Oxley, HIPAA, PCI, and FACTA make it clear that companies have a responsibility to protect data and make significant attempts to retrieve data that is compromised or lost.
A recent survey from Kroll Ontrack, a provider of data recovery products and services, confirms that many companies fail to include data recovery in their compliance policies, which can lead to potentially dire business consequences.
Despite the fact that 78 percent of respondents believe data recovery is the most important component of a compliance plan, only 50 percent say it is part of their company's compliance policy.
For a company, the consequences of noncompliance can be severe—i.e., financial penalties, reduced stock value, loss of customer confidence, and lost sales revenue. So it is surprising that 46 percent of respondents weren't sure if their company even had a general policy to comply with the applicable regulations.
And given the potential consequences, it's startling that nearly half of respondents—43 percent—don't believe their companies test their back-up systems to ensure data can be produced if needed. Because natural disasters—e.g., the San Diego fires and Hurricane Katrina—human error, and software and hardware malfunctions are unpredictable, this finding reveals that critical electronic data is in jeopardy of being lost and potentially unrecoverable.
Says Jim Reinert, VP of data recovery and software products for Kroll Ontrack, "Given the vast number of information-oriented regulations that have been enacted, companies should ensure a preferred data recovery provider is part of their compliance plan in case a data-loss situation ever ensues. The risk of neglecting to do so is too high."
To help businesses avoid potential noncompliance penalties, Kroll Ontrack recommends not only selecting a preferred data recovery provider, but identifying the name and contact information of the provider in the overall business compliance policy. Furthermore, establishing the vendor in the business procurement system will better ensure a smooth recovery effort if and when a data loss situation arises.
Kroll Ontrack Data Recovery Services helps businesses and consumers recover lost or corrupted data from all types of operating systems and media and storage devices via do-it-yourself, remote, and in-lab capabilities.