
Difference Between Backup and Archiving: Guide for Small Financial Firms

By Allan Lonz, president, AdvisorVault

Understanding the Difference Between Backup and Data Archiving:
A Guide for Small Financial Firms
By Allan Lonz, president, AdvisorVault Inc.

When it comes to satisfying today’s data compliance regulations such as SEC 17a-4, the big question financial firms have to ask themselves is, “What is the difference between regular backup and data archiving?”

This is important to answer, especially for small firms such as broker-dealers and registered investment advisors because they have to outsource this process to a designated third party. Therefore, it is critical they choose the right provider, because in the end it is their responsibility to ensure data is properly protected to allow full DR and audit supervision.

“When we start the data compliance process for our clients, we initially begin by identifying what data needs to be backed up for DR and what should be protected for audit supervision purposes,” said Allan Lonz, president, AdvisorVault, a remote backup provider created to help small financial firms with compliance.

“From this point we can begin to create an effective archiving solution to achieve the main requirements of SEC rule 17a-4 and streamline the whole data protection process for our customers,” added Allan.

Backup vs. Data Archiving
First of all, regular backup is a process designed specifically for DR and is performed every night, or several times throughout the day for data that changes frequently. Furthermore, to keep the cost of compliance low, this type of backup does not retain data for long periods of time and purges it after a certain period, usually 30 days.

Also, an effective backup plan contains extra information that is not included in data archiving. For example, it should include the system state configuration of critical servers so that programs and other information can be restored for a bare metal recovery of the whole system. Finally, testing restores of backups should be done differently than data archiving. It is performed on a regular basis and needs to be tested for restoring data back to their original location or to a secondary DR site.

Data archiving, on the other hand, is designed specifically for compliance supervision. It is an extra step applied to the regular daily backups which contains only electronic records related to the books and records as well as any communication between registered reps and clients, as defined by SEC rule 17a-4. Also, an effective data archiving strategy includes a supervisory interface that allows compliance officers to review the archive at any time for regular audit supervision or when requested by regulators. Testing of the data archiving process is also done differently and is performed only as a sample test of certain data for a specific time period to pass audits or for regular supervisory activities. Therefore an additional supervisory interface is required that has specific advanced features built into it.

Key Features of Effective Backup and Archiving Solution:
A proper backup and archiving solution to meet SEC 17a-4 needs the following features:

  1. Comprehensive. Rule 17a-4 stipulates that a firm must protect and keep available the books and records relating to its business. This must include data such as email residing on internal servers or PCs and other records such as word documents, PDFs, scanned files and key user databases on users’ HDDs or in the cloud
  2. Completely Self-Managed. The backup and archiving process should be fully managed by the provider who will completely administer the process to ensure no gaps appear in a firm’s data compliance strategy
  3. Reporting. A provider’s backup and archiving software should have the ability to send automatic email reports to compliance officers for review. This will be part of the firms’ supervisory duties and a key component of their regular compliance reporting and auditing procedures
  4. Indexing of Data. A compliant supervisory tool automatically indexes data added to the archive. Indexing means data can be retrieved properly so searches are faster and all info is included in the archive
  5. Secure Access. Ideally, the archive will be accessed from a secure web interface. This allows compliance officers and other staff to easily share the supervisory responsibilities
  6. Downloading Data. Compliance officers need to make copies of electronic records for auditors. And a proper supervisory solution will centralize the downloading of all data such as emails, word documents, scanned records and key client databases

Archiving Static Data and Dynamic Data
To make sure data is properly protected for full compliance, it is also important to understand the difference between the two main data types – static and dynamic; each requires a different approach to ensure full protection. Static data consists of things such as word documents, scanned records, PDFs and client databases. Because static data does not change often, a proper backup solution is designed to regularly pull this data off existing disks stored in-house or in the cloud.

The key is to ensure no one is accessing these files when they are being backed up for full compliance with the demands of SEC rule 17a-4. For example, it is important that users are fully logged out of programs or not accessing documents during the backup process; this way data is not in a locked state. Or, if users cannot disconnect from the system, the backup software has the intelligence to recognize locked files and is able to make copies of them when they are in use.

On the other hand, dynamic data includes emails, text messages, social media and other files that change constantly.

An effective archiving solution will take copies of dynamic data before it is entered into the system by using a forward and store method. This method essentially captures data before it enters the customer’s system, places it in the archive and then forwards it on to its final destination, therefore ensuring it is not modified when it enters the customer’s system. This way the long-term data archiving retention requirements of SEC rule 17a-4 are met because files are kept in their original state at all times in a secondary location with a designated third party (D3P).

Summary
To properly achieve SEC rule 17a-4 and its long-term data retention requirements, it is important for financial firms such as broker-dealers and registered investment advisors to fully understand the difference between regular backup and data archiving. By doing this they will be able to effectively recover from disasters and make sure they can perform audit supervision. At the same time, they need to know the difference between the two data types, dynamic and static, because this will further help them make sure electronic records are fully protected. In the end, the goal is to achieve the key requirements of SEC 17a-4 as efficiently as possible without increasing the overall cost of data compliance.
